
Summary of functions cookie, session, and storage

一个新手
Release: 2023-03-16 09:08:01


1. Cookie

1. Cookie: records the interaction information between the client and the server.
The cookie specification defines the format, lifetime, usage scope, and security of interactive information between the server and the client.
This information can be read or set through document.cookie in JavaScript. Since cookies are mostly used for communication between the client and the server, in addition to JavaScript, server-side languages (such as PHP) can also access cookies.

2. A cookie is a mechanism that stores data in the remote browser and uses it to track and identify users. From an implementation perspective, a cookie is a small piece of data stored on the client. The browser (i.e., the client) interacts with the server through the HTTP protocol. Cookies have a size limit: the data stored in each cookie cannot exceed 4 KB. If the length of the cookie string exceeds 4 KB, this attribute will return an empty string.

3. Cookies are implemented and managed by the browser.

4. The attributes of the cookie itself include "Comment", "Domain", "Max-Age", "Path", "Secure", and "Version". For specific usage, please refer to JavaScript Operation Cookie.

The Comment attribute is a description of the cookie supplied by the cookie's creator.

The Domain attribute defines the domain names that can access the cookie. For some large sites, if you want cookies to be shared among subsites, you can use this attribute. For example, if Domain is set to .bigsite.com, then both sub1.bigsite.com and sub2.bigsite.com can access the cookies saved on the client. In this case, Path needs to be set to /.

The Max-Age attribute defines the validity time of the cookie, counted in seconds. When the validity period expires, the cookie is no longer appended to the HTTP message header sent from the client to the server.

The Path attribute defines the path of the pages on the website that can access the cookie. By default, Path is the path at which the cookie was generated, and the cookie can then be accessed by pages under this path and its sub-paths. Path can be set to / so that the cookie can be accessed by all pages under the website.

The Secure attribute defines the security of the cookie. When the value is true, the cookie is attached to the HTTP message sent from the client to the server only over HTTPS; over plain HTTP the cookie is not sent. When Secure is false, the cookie can also be sent over HTTP. Secure defaults to false.

The Version attribute defines the version of the cookie, as defined by the creator of the cookie.
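
How these attributes decide whether a cookie accompanies a request, as an added example that is not part of the original article. The matching rules follow RFC 6265; the function names and the two sample cookies are constructed for illustration. It shows in particular that Domain=.bigsite.com exposes the cookie to every subsite, while a cookie without Domain stays on the host that set it.

```javascript
// Added example: would the browser attach this cookie to this request?
// Matching rules follow RFC 6265; cookie objects below are constructed.

function domainMatches(host, cookieDomain) {
  const d = cookieDomain.replace(/^\./, '').toLowerCase();
  const h = host.toLowerCase();
  // Exact host, or a subdomain on a label boundary, so that
  // "notbigsite.com" does not match Domain=.bigsite.com.
  return h === d || h.endsWith('.' + d);
}

function pathMatches(requestPath, cookiePath) {
  if (requestPath === cookiePath) return true;
  if (!requestPath.startsWith(cookiePath)) return false;
  // Path=/shop covers /shop/cart but not /shopping.
  return cookiePath.endsWith('/') || requestPath[cookiePath.length] === '/';
}

function shouldSend(cookie, requestUrl, nowMs) {
  const url = new URL(requestUrl);
  // Without a Domain attribute the cookie is host-only: exact match.
  const domainOk = cookie.domain
    ? domainMatches(url.hostname, cookie.domain)
    : url.hostname === cookie.setByHost;
  const pathOk = pathMatches(url.pathname, cookie.path);
  // Secure cookies are withheld from plain-HTTP requests.
  const secureOk = !cookie.secure || url.protocol === 'https:';
  // Max-Age is in seconds from creation; absent means session cookie.
  const fresh = cookie.maxAge === undefined ||
    nowMs < cookie.createdMs + cookie.maxAge * 1000;
  return domainOk && pathOk && secureOk && fresh;
}

// Shared across subsites, as in the Domain example above.
const shared = { domain: '.bigsite.com', path: '/', secure: true,
                 maxAge: 3600, createdMs: 0 };
// Host-only cookie restricted to /shop on one subsite.
const scoped = { setByHost: 'sub1.bigsite.com', path: '/shop',
                 secure: false, createdMs: 0 };

console.log(shouldSend(shared, 'https://sub2.bigsite.com/news', 1000));
console.log(shouldSend(shared, 'http://sub2.bigsite.com/news', 1000));
console.log(shouldSend(scoped, 'http://sub1.bigsite.com/shopping', 0));
```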

5. Use of cookies:
The server creates the information to be recorded and passes it to the client. The client extracts the information from the HTTP message and saves it on the local disk. When the client accesses the server again, it reads the saved information from the local disk, attaches it to the HTTP message and sends it to the server. The server reads the information from the HTTP message and processes it further according to the needs of the application.

6. Since cookie information is stored in plain text in text files, if sensitive information such as passwords and bank account numbers is to be stored in local cookie files, it is best to store it in encrypted form.
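
One way to store a cookie value in encrypted form, as an added example that is not part of the original article. It uses AES-256-GCM from Node's built-in crypto module so that the client holds only ciphertext and any modification is rejected; the function names, the key handling and the HttpOnly and SameSite attributes are assumptions of this example.

```javascript
// Added example: encrypt and authenticate a cookie value (AES-256-GCM).
const { randomBytes, createCipheriv, createDecipheriv } = require('node:crypto');

// Assumption: a real deployment loads this 32-byte key from a secret
// store shared by all servers; it is generated here to stay runnable.
const KEY = randomBytes(32);

function sealCookie(name, plaintext, key = KEY) {
  const iv = randomBytes(12); // fresh 96-bit nonce for every value
  const cipher = createCipheriv('aes-256-gcm', key, iv);
  cipher.setAAD(Buffer.from(name)); // bind ciphertext to this cookie name
  const ct = Buffer.concat([cipher.update(plaintext, 'utf8'), cipher.final()]);
  return Buffer.concat([iv, cipher.getAuthTag(), ct]).toString('base64url');
}

// Returns the plaintext, or null if the value was altered, truncated,
// moved to another cookie name, or sealed under a different key.
function openCookie(name, sealed, key = KEY) {
  try {
    const raw = Buffer.from(sealed, 'base64url');
    if (raw.length < 28) return null; // 12-byte IV + 16-byte tag
    const d = createDecipheriv('aes-256-gcm', key, raw.subarray(0, 12));
    d.setAAD(Buffer.from(name));
    d.setAuthTag(raw.subarray(12, 28));
    return Buffer.concat([d.update(raw.subarray(28)), d.final()]).toString('utf8');
  } catch {
    return null;
  }
}

function setCookieHeader(name, plaintext) {
  const pair = `${name}=${sealCookie(name, plaintext)}`;
  // Stay inside the 4 KB per-cookie limit mentioned earlier.
  if (Buffer.byteLength(pair) > 4096) throw new Error('cookie too large');
  return `${pair}; Path=/; Max-Age=3600; Secure; HttpOnly; SameSite=Lax`;
}

console.log(setCookieHeader('acct', 'constructed-account-0042'));
```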

2. Detailed explanation of Session

1. A session is a conversation, which refers to a continuous, two-way connection. There is essentially no difference between Session and Cookie: both are mechanisms proposed to maintain the connection state between the client and the server in response to the limitations of the HTTP protocol. Session is also a universal standard, but it is implemented differently in different languages. For websites, a session refers to the period from when a user enters the website until the browser is closed. Session is actually a specific time concept.
2. The server identifies the client user through the session ID, which is the file name of the session file. The session ID is passed between the client and the server through the HTTP request and HTTP response. The session ID is generated according to a certain algorithm and must be included in the HTTP request; it must be unique and random to ensure session security. If the session lifetime is not set, the session ID is stored in memory and is automatically discarded after the browser is closed; requesting the page again registers a new session ID. If the client does not disable cookies, the cookie stores the session ID and session lifetime when the session is started. After the session expires, PHP will recycle it.

3. The difference between session and cookie:

1. Session is on the server side, and cookie is on the client side (browser)
2. By default, a session is stored in a file on the server, not in memory
3. The operation of session depends on the session id, and the session id is stored in the cookie. That is to say, if the browser disables cookies, the session will also become invalid (of course it can also be passed in the URL)
4. Session can be placed in a file, database, or memory.
5. Session is generally used for user verification. Therefore, the core of maintaining a session is the unique identifier of the client, that is, session id.
6. If sessions occupy too much memory, they place a certain burden on server performance. The data saved by cookies is limited
7. The session saves objects, and the cookie saves key-value pairs of string type.
Explanation:
Since the HTTP protocol is a stateless protocol, when the server needs to record the user's status, it needs some mechanism to identify the specific user. This mechanism is Session. In a typical scenario, such as a shopping cart, when you click the order button the stateless HTTP protocol does not know which user performed the action, so the server creates a specific session for that user to identify and track them, so that it knows how many books are in the shopping cart. This session is saved on the server side and has a unique identifier. There are many ways to save sessions on the server side, including memory, database, and files. Session transfer should also be considered when clustering. Large websites usually have a dedicated session server cluster to save user sessions. In that case session information is stored in memory, using a caching service such as Memcached to hold the sessions.
Think about it: how does the server identify a specific customer? This is where cookies come in. Each time an HTTP request is made, the client sends the corresponding cookie information to the server. In fact, most applications use cookies to implement session tracking. When a session is created for the first time, the server tells the client in the HTTP response that a session ID needs to be recorded in a cookie. On each subsequent request this session ID is sent to the server, so the server knows who you are. Some may ask: what happens if the client's browser disables cookies? Generally, in this case, a technique called URL rewriting is used for session tracking. That is, for each HTTP interaction, a parameter such as sid=xxxxx is appended to the URL, and the server uses this to identify the user.
Cookies can also be used in some user-friendly scenarios. Imagine that you have logged into a website once and do not want to enter your account again the next time you log in. What should you do? This information can be written into a cookie. When you visit the website, the script of the page can read this information and automatically fill in the user name for you, which is convenient for the user. This is also the origin of the cookie name: giving users a little sweetness. So, to summarize: Session is a data structure saved on the server to track the user's status, and this data can be saved in clusters, databases, and files. Cookie is a mechanism for the client to save user information; it is used to record some user information and is also one way to implement Session.
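
A hardened form of the session tracking described above, as an added example that is not part of the original article. It issues random session IDs, expires them, replaces the ID at login, and reads the ID from the cookie only rather than from a sid= URL parameter; `SessionStore` and `sessionIdFromRequest` are hypothetical names, and the in-memory Map stands in for the file, database or Memcached back ends mentioned in the text.

```javascript
// Added example: minimal server-side session store (names are hypothetical).
const { randomBytes } = require('node:crypto');

class SessionStore {
  constructor(ttlMs) {
    this.ttlMs = ttlMs;
    this.sessions = new Map(); // session ID -> { data, expiresMs }
  }

  create(data, nowMs) {
    const id = randomBytes(32).toString('hex'); // 256 bits from the CSPRNG
    this.sessions.set(id, { data, expiresMs: nowMs + this.ttlMs });
    return id;
  }

  // Only IDs the server issued are accepted: an unknown or expired ID
  // returns null and is never adopted as a new session.
  get(id, nowMs) {
    const s = this.sessions.get(id);
    if (!s) return null;
    if (nowMs >= s.expiresMs) { this.sessions.delete(id); return null; }
    return s.data;
  }

  // Call at login or privilege change: same data, new ID, old ID dead.
  regenerate(oldId, nowMs) {
    const data = this.get(oldId, nowMs);
    if (data === null) return null;
    this.sessions.delete(oldId);
    return this.create(data, nowMs);
  }
}

// Read the session ID from the Cookie header only. A sid in the URL ends
// up in logs, browser history and Referer headers, so it is ignored here.
function sessionIdFromRequest(req) {
  const m = /(?:^|;\s*)sid=([0-9a-f]{64})(?:;|$)/.exec(req.headers.cookie || '');
  return m ? m[1] : null;
}

const demo = new SessionStore(30 * 60 * 1000);
const anon = demo.create({ user: null }, Date.now());
console.log(sessionIdFromRequest({ headers: { cookie: `sid=${anon}` } }) === anon);
```

In PHP the corresponding controls are the `session.use_only_cookies` and `session.use_strict_mode` settings, together with `session_regenerate_id(true)` at login.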

4. Web Storage

Web storage is a new way to store data on the client, provided by HTML5. There are two types: localStorage and sessionStorage. With it, a database is established locally on the client side, and content originally saved in the server-side database can be saved directly on the client, which greatly reduces the burden on the server and speeds up data access.
1. localStorage: data is saved permanently. The data is saved on the client's local hardware (hard disk or other hardware device) and still exists even after the browser is closed. The scope of localStorage is limited to the document source (origin) level. Different origins cannot read or modify each other's data, but pages from the same origin can. However, different browsers do not share storage, which means that data you store in Chrome cannot be accessed in Firefox, even for the same origin.
2. sessionStorage: temporary storage of data. Data is stored in session objects, and it is kept from the time the web page is opened until the browser page is closed. The scope of sessionStorage is also limited to the document source (origin) level. In addition, it is limited to tabs: the same page in different tabs has its own sessionStorage, and data cannot be shared. If there are two iframe elements in a page, they share sessionStorage.

source:php.cn