Difference: 1. Cookies are stored in the browser, which is relatively unsafe; while sessions are stored in the server, which are relatively safer. 2. The data stored by cookies has quantity and size restrictions, but sessions do not. 3. The data saved by cookie is of string type, and the data saved by session is of object type.
The operating environment of this tutorial: windows7 system, PHP7.1 version, DELL G3 computer
Whether you are a system operation and maintenance or PHP developer In interviews, I am often asked what is the difference between Session and Cookie in PHP? Let's summarize it below:
Cookies are only generated, managed and used by the client. PHP only issues instructions asking the client how to generate cookies, when to expire, etc., but the client may not necessarily follow PHP's instructions. work.
Cookies are not very safe. Criminals can perform cookie spoofing by analyzing local cookies. Considering security issues, it is recommended to store important user information in the Session, and other unimportant information that needs to be retained can be stored in Cookies.
Session is the session from when the user enters a website to closing the browser. It is stored in the server disk in the form of a file by default. Therefore, setting too many Sessions will affect the performance of the disk. You can also use the Memory engine to save it. Enter MySQL. Because the memory engine reads and writes quickly, you can now specify to use Redis to process Session, which is faster and more efficient.
The revocation mechanism of Session is passive. Generally speaking, once the browser is closed, the Session will be automatically recycled by PHP. However, sometimes even if the expiration time is set and the browser is closed, the Session may not be deleted, such as When setting up multiple directories and multiple levels to save the Session, you need to manually delete the Session through a PHP script.
Usually Cookies are bound to Sessions, that is, when users do not disable Cookies, Cookies will generally save the Session ID and Session lifetime. If the user deletes Cookies, they will generally exit the system; if Cookies are not disabled, the browser will be closed. The session will also become invalid immediately, and you need to log in to the system again.
Cookie and Session are generally used to identify users, authenticate permissions, store simple data, and use cookies to achieve single sign-on.
The data stored by cookies will have different restrictions in different browsers. Generally, under the same domain name, the number of cookie variables is controlled within 20, and the value size of each cookie is controlled within 4kb. There is no limit on the size or number of Session values, but if there are too many, it will increase the pressure on the server. In addition, the content saved by Cookie is a string, while the data saved by Session is an object.
Session cannot distinguish paths. During the same user's visit to a website, all Sessions can be accessed anywhere; and if the path parameter is set in the cookie, then all Sessions under different paths in the same website can be accessed anywhere. Cookies are not accessible to each other.
The difference between COOKIE and SESSION
(1) Storage location: Cookie is stored in the client browser, which is relatively unsafe; the file containing the Session content is stored in the server , generally in the tmp folder in the root directory, which is relatively safer.
(2) Quantity and size limit: The data stored by Cookie will have different restrictions in different browsers. Generally, under the same domain name, the number of Cookie variables is controlled within 20, and the value of each cookie is The size is controlled within 4kb. There is no limit on the size or number of session values, but if there are too many, it will increase the pressure on the server.
(3) Content difference: The content saved by the cookie is a string, while the data saved by the session in the server is an object.
(4) Path difference: Sessions cannot distinguish paths. During the same user's visit to a website, all sessions can be accessed anywhere; and if the path parameter is set in the cookie, then the same Cookies in different paths on the website are not accessible to each other.
Recommended learning: "PHP Video Tutorial"
The above is the detailed content of What is the difference between cookie and session in php. For more information, please follow other related articles on the PHP Chinese website!
![[Web front-end] Node.js quick start](https://img.php.cn/upload/course/000/000/067/662b5d34ba7c0227.png)
