What is the difference between Cookie and Session in HTTP protocol?

HTTP is a stateless protocol: the server treats every request it receives from a client as a new one and keeps no record of that client's earlier requests. Cookies and Sessions are both session-tracking mechanisms used to identify browser users, making up for the stateless nature of HTTP.

A cookie is a small piece of data that a server sends to a user's browser, which stores it locally. The browser carries it along the next time it makes a request to the same server.

Cookies store information about logged-in users, so that the next time you visit a website, the page can automatically fill in some basic login information. Usually, it is used to tell the server whether two requests come from the same browser, such as keeping the user logged in. In addition, cookies can also store user preferences, themes, and other settings.

The function of Session is to record the user's state on the server side. Generally, a Cookie is used to manage the Session. When the server receives the first request, it generates a Session ID, sets the Session ID field through the Set-Cookie header of the response, and so asks the client to set a Cookie. After the client receives the response, it saves a Cookie containing the Session ID on the local machine. Each time the client sends a request to the same server, the request header carries the Cookie containing the Session ID, and the server obtains the Session ID of the request by reading the Cookie in the request header.
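The exchange described above, as an added example that is not part of the original article: a server-side session table that issues the Session ID through Set-Cookie and resolves later Cookie headers, returning nothing for a forged or timed-out ID. The class name `SessionStore`, the cookie name `SESSIONID`, the 30-minute timeout and the in-memory dictionary are assumptions chosen for illustration.

```python
import secrets
import time
from http.cookies import SimpleCookie

SESSION_TTL = 1800          # assumed: seconds of inactivity before expiry
COOKIE_NAME = "SESSIONID"   # assumed cookie name

class SessionStore:
    """Server-side session table: the browser only ever holds the opaque ID."""

    def __init__(self, ttl=SESSION_TTL, clock=time.time):
        self._sessions = {}   # session ID -> (last_seen, data dict)
        self._ttl = ttl
        self._clock = clock

    def create(self):
        """First request: mint an unguessable ID and build the Set-Cookie value."""
        sid = secrets.token_urlsafe(32)  # 256 bits from the OS CSPRNG
        self._sessions[sid] = (self._clock(), {})
        cookie = SimpleCookie()
        cookie[COOKIE_NAME] = sid
        cookie[COOKIE_NAME]["httponly"] = True   # not readable by page scripts
        cookie[COOKIE_NAME]["secure"] = True     # sent over HTTPS only
        cookie[COOKIE_NAME]["samesite"] = "Lax"  # withheld on cross-site subrequests
        cookie[COOKIE_NAME]["path"] = "/"
        return sid, cookie[COOKIE_NAME].OutputString()

    def lookup(self, cookie_header):
        """Later requests: map the Cookie header back to server-side data.
        Returns None for a missing, unknown (forged) or expired ID."""
        jar = SimpleCookie()
        jar.load(cookie_header or "")
        morsel = jar.get(COOKIE_NAME)
        if morsel is None:
            return None
        entry = self._sessions.get(morsel.value)
        if entry is None:
            return None
        last_seen, data = entry
        now = self._clock()
        if now - last_seen > self._ttl:
            del self._sessions[morsel.value]   # session timed out
            return None
        self._sessions[morsel.value] = (now, data)  # sliding expiry
        return data
```

The dictionary returned by `lookup` lives only on the server, so it can hold any data type, while the client holds nothing but the random ID string.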

Note that if the client has disabled cookies, saving the Session ID in a cookie will not work. In this case, the Session ID can instead be placed in the request URL. For security, the Session ID can also be encrypted.

Overall, there are five differences between Cookie and Session:

1. The storage locations are different. Cookie data is stored on the client browser, while Session data is stored on the server.

2. The security is different. Cookies are stored in the local browser and can be forged (cookie spoofing), so relatively speaking, Session is more secure.

3. The size of stored data is different. The data stored in a single cookie cannot exceed 4K. Many browsers limit a site to storing a maximum of 20 cookies. Session is stored on the server and the browser has no restrictions on it.

4. The data types are different. Cookies only support the storage of string data, while Session can store any data type.

5. The validity period is different. Cookies can be set to be kept for a long time, as with the automatic login function we often use. Sessions are generally valid for a short time and become invalid when the client is closed or the Session times out.
