The essential difference between cookies and sessions

HTTP is a “stateless” protocol

When a client accesses a page, the client opens a separate connection to the Web server
And the server does not automatically retain any information previously requested by the client
So the server can’t tell if multiple requests are coming from the same client (browser)

The server can identify whether multiple requests are coming from the same client
The same clients share data

A Cookie is a small string of data stored directly in a browser
Use document.cookie to access the browser’s cookie
When modifying cookies, only the cookies that mention keys are modified
The maximum size of a single cookie is 4KB, with a maximum of 20+ cookies (depending on browser)
If the Cookie expiration time is not set, the Cookie becomes invalid when the browser closes
If the Cookie expiration time is set, the Cookie will not become invalid even after the browser is closed

Browser: RequestHeader
The ResponderHeader is what the server can do to tell the browser to write a Cookie

At this point, it's still very vague

Continue to summarize

The first time a client accesses the server, it must be without cookies,
When the server receives the request and sees that there is no Cookie in the request, it generates Ssssion and generates a JESSIONID for the Session, such as “2333333333”.
And then I’ll call the ResponderHeader and tell the browser, “JESSIONID =” 2333333333.”
The next time the browser requests a Session, the Cookie with a Session ID = “2333333333” will go to the server, the server will see that the Cookie has a Session ID, and it will find the original Session based on the Session ID
At this point, the server knows that it is the same client

Speaking of which, you can score