Cookie and session comparison

cookie and session The same and the different ：

• cookie Usually generated on the server , But it can also be generated on the client ,session It is generated on the server
• session Save the data information on the server side , It could be memory , file , Database and other forms ,cookie Save the data in the client's memory or file
• Single cookie The saved data cannot exceed 4K, Each site cookie There is a limit to the number of , such as IE8 by 50 individual 、Firefox by 50 individual 、Opera by 30 individual ;session Stored on the server , There is no capacity limit
• cookie Stored locally by the user , Can be easily accessed and modified , Low security ;session Store on server , To compare safety
• cookie There is a conversation cookie And persistent cookie, A session whose lifecycle is the browser session cookie Save in cache , Close the browser window and disappear , persistent cookie Saved on hard disk , Know that the set expiration time is exceeded ; With the server session Storage pressure increases , It will be cleaned regularly as needed session data
• session There is a lot of data in , Only will sessionID This item can be passed cookie Send to client for retention , The next time the client accesses , In the request message cookie It'll carry it automatically sessionID, So as to communicate with the session Association

cookie shortcoming ：

1、 Use cookie To deliver the message , With cookie The increase of the number and the number of visits , It takes up a lot of network bandwidth , Imagine if cookie Occupy 200 byte , If one day PV There are hundreds of millions , How much bandwidth does it take ？

2、cookie Is not safe , because cookie It's stored on the client side , So these cookie It can be accessed , Settings can be added through plug-ins 、 modify cookie. So from that perspective , We're going to use sesssion,session Is to save data on the server , Only by cookie Pass a sessionId nothing more , therefore session More suitable for storing user privacy and important data

session shortcoming ：

1、 Not easy to share across multiple servers , have access to session binding ,session Copy ,session Shared solutions

2、session Stored in the server , therefore session Too much will consume the performance of the server

cookie and session Each has its own advantages and disadvantages , In large Internet Systems , Use alone cookie and session It's not possible