1. The cookie data is stored on the client's browser, and the session data is stored on the server.
2. Cookies are not very safe. Others can analyze the cookies stored locally and deceive them. Sessions should be used for security reasons.
3. The session will be saved on the server within a certain period of time. When access increases, it will take up more of your server's performance. In order to reduce server performance, COOKIE should be used.
4. The limit of a single cookie on the client is 3K, which means that a site cannot store 3K COOKIES on the client.
Example, COOKIE
For example: setCookie('user','zhangsan',time()+3600), which means that the user variable value is Zhang San's cookie survival time is 1 hour. It should be noted here that this function belongs to the header function, which is equivalent to For the header() jump function in php, there cannot be "any output (including spaces)" before it.
2. Use $_COOKIE['user'] to get the cookie value. www.111cn.net
3. Log out cookie: setCookie('user','',time()-3600); or setCookie('user');
4.
//Delete the client’s sessionid in the cookie
if(isset($_COOKIE[session_name()])){
setCookie(session_name(),'',time()-30,'/');
}
Example, session
1. //Open session
session_start();
2. //Clear session value
$_SESSION = array();
// Completely destroy the session
session_destroy();
Who is safer, session or cookie?
Personally, I think session is safer. I have the following opinions.
1. If session and cookie were as secure, they would not exist at the same time. Just cookie would be enough, allowing the client to offload the burden of the server, and it would be transparent to the user. Why not.
2. The session ID of the session is placed in the cookie. If you want to break the session, you must break the cookie first. After breaking the cookie, you need to get the sessionID. The sessionID will only be available when someone logs in or starts session_start. You don't know when someone will log in. Second, the session ID is encrypted. When session_starts for the second time, the previous session ID will be useless. When the session expires, the session ID will also become invalid. It is difficult to break the encrypted session ID in a short time. The session is for a certain communication. When the session ends, the session disappears, and the real cookie exists in a text file on the client's hard disk. It is obvious who is safe.
3. If the session is so easy to be compromised and so unsafe, I think most of the existing websites are unsafe.