Cookies:

Features:

  1. Cookies are stored on the client side.
  2. Cookies are a mechanism for the client to save and record some user information.
  3. Cookies are not cross-domain (Google's cookies are not sent when the browser visits Baidu).
  4. There are session cookies (typically kept in memory) and persistent cookies (typically stored on hard disk).

Create:

When user A purchases an item and places it in the shopping cart, the server cannot determine whether the purchase belongs to user A's session or user B's session. The solution is to issue a pass to each client, one apiece, and whoever accesses the server must bring their own pass. The server can then identify the client from the pass.

The client sends a request to the server. If the server needs to record the user's state, it issues a Cookie to the client browser in the response, and the client saves the Cookie.

When the browser requests the site again, the browser submits the requested URL along with the Cookie to the server. The server checks the Cookie to identify the user’s state. The server can also modify the contents of the Cookie as needed.






Sessions:

Features:

  1. Sessions are stored on the server side. In theory there is no limit, as long as you have enough memory.
  2. A Session is a mechanism the server uses to identify a user and record user state over the stateless HTTP protocol.
  3. A Session relies on the Session ID, and the Session ID is stored in the Cookie. That is, if cookies are disabled in the browser, the Session stops working (although the Session ID can be carried in other ways, such as passing it in the URL).
  4. Sessions are commonly used for user authentication. Therefore, the core of maintaining a Session is the unique identifier of the client, namely the Session ID.
  5. Sessions are implemented on top of Cookie technology. After the browser is restarted, visiting the original site again still creates a new session, because the Cookie disappears when the browser is closed. The original session on the server, however, remains until its destruction time is reached, when it is destroyed automatically.

Create:

When the application needs to create a session for a client request, the server first checks whether the client request contains the sessionId. If it contains the sessionId, it indicates that a session has been created for the client before.

The server retrieves the session based on the session ID and uses it. If the client request does not contain a session ID, it creates a session for the client and generates a session ID associated with the session.

The value of the sessionId is a string that is never repeated and cannot easily be forged, and the sessionId is returned to the client in this response for storage.
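
The lookup-or-create flow described above, as an added example that is not code from the original page. The in-memory store, the 30-minute sliding timeout and the function name get_session are assumptions made for illustration; the cookie name sessionId follows the page.

```python
import secrets
import time
from http.cookies import CookieError, SimpleCookie

COOKIE_NAME = "sessionId"   # name used on this page; any name works
SESSION_TTL = 1800          # assumed idle timeout in seconds
SESSIONS = {}               # session ID -> {"data": dict, "expires": float}


def get_session(cookie_header, now=None):
    """Return (session_id, data, set_cookie) for one request.

    set_cookie is None when an existing session was found, otherwise the
    value for a Set-Cookie response header carrying the new session ID.
    """
    now = time.time() if now is None else now
    jar = SimpleCookie()
    try:
        jar.load(cookie_header or "")
    except CookieError:
        jar = SimpleCookie()          # malformed header: treat as no cookie
    sid = jar[COOKIE_NAME].value if COOKIE_NAME in jar else None

    entry = SESSIONS.get(sid)
    if entry is not None and entry["expires"] > now:
        entry["expires"] = now + SESSION_TTL   # sliding expiry (assumption)
        return sid, entry["data"], None

    # No ID, unknown ID, or expired session. An ID the server did not issue
    # is never adopted; a fresh one is always generated (blocks fixation).
    SESSIONS.pop(sid, None)
    sid = secrets.token_urlsafe(32)            # 256 bits from the OS CSPRNG
    SESSIONS[sid] = {"data": {}, "expires": now + SESSION_TTL}

    out = SimpleCookie()
    out[COOKIE_NAME] = sid
    out[COOKIE_NAME]["path"] = "/"
    out[COOKIE_NAME]["httponly"] = True        # not readable from page scripts
    out[COOKIE_NAME]["secure"] = True          # sent over HTTPS only
    out[COOKIE_NAME]["samesite"] = "Lax"       # withheld on most cross-site requests
    return sid, SESSIONS[sid]["data"], out[COOKIE_NAME].OutputString()


if __name__ == "__main__":
    sid, data, header = get_session("")                 # first visit
    data["cart"] = ["item-1"]                           # constructed sample data
    print("Set-Cookie:", header)
    print(get_session(f"{COOKIE_NAME}={sid}")[1])       # second visit
```

No Max-Age or Expires is set, so the browser treats this as a session cookie and drops it on close, while the server-side entry lives until its own timeout.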






In common:

  1. Cookies and sessions are both session-tracking technologies.