The cookie and session

The browser's caching mechanism provides a way to store user data on the client. Cookies and sessions are used in the interaction with the server: both are mechanisms by which the server tracks the identity of a browser user across requests.

The difference between cookies and sessions

1. Mode of use

Cookie mechanism:

If no expiration time is set, the cookie is kept in the browser's memory and its life cycle ends when the browser closes. Such a cookie is called a session cookie.

If an expiration time is set, the cookie is saved on the hard disk. After the browser is closed, the cookie data still exists until the expiration time is reached.

Cookies are pieces of information sent by the server to the client. They are stored on the client as text and are sent back to the server with each request.

The session mechanism:

When the server receives a request and needs to create a session object, it first checks whether the client request carries a session ID.

If there is a session ID, the server returns the corresponding session object based on that ID. If the request carries no session ID, the server creates a new session object and returns the new session ID to the client in the response.

Generally the session ID is stored on the client in a cookie, and the browser sends it back to the server with each request during the interaction.

If the user disables cookies, URL rewriting is required, which can be achieved through Response.encodeURL(URL). When the browser supports cookies, this method leaves the URL unchanged. When the browser does not support cookies, the URL is rewritten so that the session ID is appended to the address being accessed.

2. Storage location

Cookies are stored on the browser and sessions are stored on the server.

3. Storage size

The data stored in a single cookie cannot exceed 4KB. There is no limit to the session size.

4. Store content

Cookies can only hold strings, i.e. text. Sessions are stored in a data structure similar to a Hashtable and can hold objects of any type (a session can contain multiple objects).

5. Security

A session is more secure than a cookie:

  • The session ID is stored in a cookie, so to compromise a session an attacker must first compromise the cookie.
  • A session ID exists only after a user logs in or session_start is called, so a cookie alone cannot be used to obtain a session ID.
  • After session_start is called a second time, the previous session ID becomes invalid; after the session expires, the session ID also becomes invalid.
  • The session ID is encrypted.

6. Application scenarios

Cookies:

(1) Determine whether the user has logged in to the website before, so that the next login can happen automatically (or the password can be remembered).

(2) Save the time of the last login.

(3) Save the page viewed last time.

(4) Page view count.

The session:

(1) Shopping cart in online shopping mall.

(2) Save user login information.

(3) Put data into the session so that different pages of the same user can share it.

(4) Prevent unauthorized login.

7. Shortcomings

Cookies:

(1) Limited size.

(2) Users can control (disable) cookies, which limits the functions that rely on them.

(3) Low security.

(4) Some state cannot be saved on the client.

(5) Cookies are sent to the server with every request, wasting bandwidth.

(6) Cookie data has a notion of path, which restricts a cookie to a certain path only.

The session:

(1) The more the session stores, the more server memory it occupies. For websites with a large number of online users, the memory pressure on the server will be relatively high.

(2) Sessions rely on cookies (the session ID is stored in a cookie); if cookies are disabled, URL rewriting must be used.

(3) Creating session variables is very arbitrary: they can be created at any time and require no careful handling by the developer, so excessive use of session variables makes code unreadable and hard to maintain.

WebStorage

The purpose of WebStorage is to overcome some of the limitations imposed by cookies: when data needs to be kept under tight control on the client, it should not have to be sent back to the server continuously.

WebStorage has two main goals:

1. Provide a way to store session data outside of cookies.

2. Provide a mechanism for storing large amounts of data that can exist across sessions.

HTML5 WebStorage provides two APIs: localStorage and sessionStorage.

1. Life cycle

The life cycle of localStorage is permanent: its data does not disappear after the page or the browser is closed.

localStorage data never disappears unless it is actively deleted.

The lifetime of sessionStorage is only the current session. sessionStorage introduces the concept of a “browser window”.

sessionStorage data always exists within the same-origin window. As long as the browser window is not closed, the data remains even if the page is refreshed or another page is opened; however, sessionStorage is destroyed when the browser window is closed. If the same page is opened independently in another window, its sessionStorage is a separate copy.

2. Storage size

The data size limit of localStorage and sessionStorage is generally 5MB.

3. Storage location

Both localStorage and sessionStorage are stored on the client and do not interact with the server.

4. Store the content type

localStorage and sessionStorage can only store strings; complex objects can be handled with the JSON.stringify and JSON.parse methods provided by ECMAScript.

5. Acquisition method

localStorage: window.localStorage

sessionStorage: window.sessionStorage

6. Application scenarios

localStorage: used for long-term login (and to determine whether a user has logged in). It is suitable for data that is stored locally for a long time.

sessionStorage: one-time login with sensitive accounts.

The advantages of WebStorage

(1) Larger storage space: a cookie holds 4KB, while WebStorage holds 5MB.

(2) Saves network traffic: WebStorage is not transmitted to the server; data stored locally can be read directly, unlike cookies, which are sent to the server with every request. This reduces the interaction between client and server and saves network traffic.

(3) sessionStorage is very convenient for data that only needs to be kept while the user browses a set of pages and can be discarded after the browser is closed.

(4) Fast display: data stored in WebStorage, together with the browser's own cache, can be read locally much faster than it can be fetched from the server, so pages display faster.

(5) Security: WebStorage is not sent to the server in HTTP headers, so it is safer than a cookie in that it cannot be intercepted in transit, but the data can still be forged on the client.

(6) WebStorage provides methods that make data operations more convenient than with cookies:

  • setItem(key, value): saves data, storing the information as a key-value pair
  • getItem(key): gets the data; pass in the key and receive the corresponding value
  • removeItem(key): removes a single item, deleting the information that corresponds to the key
  • clear(): deletes all data
  • key(index): gets the key at the given index
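An added example, not from the original article, covering both the JSON handling in point 4 and the method list just above: an in-memory stand-in with the same methods as window.localStorage / window.sessionStorage, plus a wrapper that stores objects as JSON and tolerates missing or corrupted entries. The MemoryStorage class, the helper names and the quota constant are assumptions made here.

```javascript
const QUOTA_BYTES = 5 * 1024 * 1024;   // assumed 5 MB quota, as stated above

// In-memory stand-in for window.localStorage / window.sessionStorage with the
// same methods, so the wrapper below runs outside a browser (e.g. in Node).
class MemoryStorage {
  constructor() { this.map = new Map(); }
  get length() { return this.map.size; }
  key(index) {
    const keys = [...this.map.keys()];
    return Number.isInteger(index) && index >= 0 && index < keys.length ? keys[index] : null;
  }
  getItem(key) { const k = String(key); return this.map.has(k) ? this.map.get(k) : null; }
  setItem(key, value) {
    // Browsers coerce key and value to strings and enforce a per-origin quota.
    const k = String(key), v = String(value);
    let used = k.length + v.length;
    for (const [ek, ev] of this.map) if (ek !== k) used += ek.length + ev.length;
    if (used > QUOTA_BYTES) throw new Error('QuotaExceededError');
    this.map.set(k, v);
  }
  removeItem(key) { this.map.delete(String(key)); }
  clear() { this.map.clear(); }
}

// Web Storage holds only strings, so objects go through JSON.stringify.
function saveObject(storage, key, value) {
  storage.setItem(key, JSON.stringify(value));
}

// Read an object back. Returns `fallback` when the key is missing or the stored
// text is not valid JSON: any script running on the origin can overwrite Web
// Storage, so a reader must never assume the value is intact.
function loadObject(storage, key, fallback = null) {
  const raw = storage.getItem(key);
  if (raw === null) return fallback;
  try { return JSON.parse(raw); } catch (e) { return fallback; }
}

// Usage; in a browser, pass window.localStorage or window.sessionStorage instead.
const store = new MemoryStorage();
saveObject(store, 'prefs', { theme: 'dark', lastPage: '/docs/intro' });
const prefs = loadObject(store, 'prefs', { theme: 'light', lastPage: '/' });
```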

This article has been extracted from the following articles:

Discussion on cookie, session and localStorage, sessionStorage differences