A brief analysis of cookie and session technology in PHP

1.What are cookies?

Cookie refers to the data (usually encrypted) stored on the user's local terminal by some websites in order to identify the user's identity and perform session tracking.

To put it simply, you go to a specialty store or supermarket to buy something, and then the store will apply for a membership card for you. In the future, your identity and purchase information will be stored in this card, and this card will store your On the body. After that, you only need to swipe the card every time you go to buy something, and there is no need to register or record other information.

Then map this paragraph to the web. The supermarket checkout counter is the server, and you yourself are the client. The card you carry is the cookie file stored in the client, which records you. account password and other information.

However, one thing to note is that the cookie will only take effect the second time it is used. That is to say, when you buy something for the first time in the supermarket, they will apply for a card for you, and you can swipe the card for future purchases. However, before the first purchase, the supermarket does not have any information about you, so you don’t have a card at all for the first time. The same goes for websites. When you log in to a website for the first time, of course you have to enter your account, password and other information, and then you can generate a cookie and store it locally for next time use.

At the same time, cookies also have their own validity period. After the expiration, they will become invalid and the local cookie files will be automatically deleted. You need to log in again, enter your account and password, and then generate a new cookie. The main purpose of doing this is for safety reasons.

2. Cookie mechanism diagram.

3. How to use cookies.

(1) Set cookie

bool setcookie ( string $name,$value,$expire,$path,$domain,$secure,$httponly  

setcookie("username","user",0,"/");
setcookie("username","user",time()+60*60,"/");

The usage of each parameter will not be explained. Here we focus on analyzing the time and path in the above two methods of setting cookies.

Put a 0 in the first time, does it mean that the survival time is 0. It is obviously impossible. It has a special meaning, indicating that the validity period of the cookie ends when the browser is closed. They all put a "/" in their paths. This means that all content paths under this domain name can access the cookie, which means that all pages under this website can track this cookie.

(2) Delete cookies

setcookie("username","",time()-3600,"/");

(3) View cookies

print_r($_COOKIE);

-------------------------------------------------- ----------------------------------------

-----------------------------I am the dividing line---------- --------------------------------

-------------------------------------------------- ----------------------------------

1.What is session?

Session refers to the time interval between an end user communicating with the interactive system, usually referring to the time elapsed from registering to enter the system to logging out of the system.

2. Diagram of session mechanism.

3. How to use session.

(1) Set session

session_start();

$_SESSION['username']="user";

（2）删除session

这个相对步骤就多了点，而不是cookie里面一句话搞定。

//开启session
session_start();

//注销session
session_unset();

//销毁session
session_destroy();

//同时销毁本地cookie中的sessionid
setcookie(session_name(),"",time()-3600,"/");

print_r($_SESSION);

1.cookie与session优缺点。

cookie本身是存放在客户端中，仅占用几kb的内存大小。每次登录网站的时候都会带上本地的cookie进行验证，省去了麻烦的重复输入。但是安全性不是很高，毕竟是存放在本地的文件，虽然都是进行加密了的，一旦电脑数据被盗取，cookie就很有可能会被获取。

session存放在服务器中，占中内存虽小，但是用户基数够大的情况下，会对服务器造成很大的负荷。但是，数据放在服务器上，总归风险降低了许多。虽说没有不透风的墙，不过风也是可以很小很小的，这比喻。。。有同学可能疑问，session使用时，会有sessionid存在本地，一旦获取能否登录。答案当然是否定的，因为每次的id都是不一样的。