What is the difference between Cookie and Session in HTTP protocol?

HTTP is a stateless protocol: the server treats every request from the client as a new request and keeps no record of that client's earlier requests. Cookies and Sessions are both mechanisms for tracking the identity of browser users, and they make up for the stateless nature of HTTP.

A cookie is a small piece of data that a server sends to a user's browser and stores locally. It will be carried the next time the browser makes a request to the same server.

Cookies store information about logged-in users, so that the next time you visit a website, the page can automatically fill in some basic login information. Usually, it is used to tell the server whether two requests come from the same browser, such as keeping the user logged in. In addition, cookies can also store user preferences, themes, and other settings.

A Session records the user's state on the server. Generally, a Cookie is used to manage the Session. When the server receives the first request, it generates a Session ID and returns it in a Set-Cookie field in the response header, which asks the client to set a Cookie. After the client receives the response, it saves a Cookie containing the Session ID on the local machine. Each time the client sends a request to the same server, the request header carries the Cookie containing the Session ID, and the server obtains the Session ID for that request by reading the Cookie in the request header.

It should be noted that if the client has disabled cookies, the method of saving the Session ID through cookies will not work. In this case, we can also put the Session ID in the requested URL. Considering security, we can also encrypt the Session ID.

Overall, there are five differences between Cookie and Session:

1. The storage locations are different. Cookie data is stored on the client browser, while Session data is stored on the server.

2. The security is different. Cookies are stored in the local browser, where they can be forged or tampered with to deceive the server, so, relatively speaking, Session is more secure.

3. The size of stored data is different. The data stored in a single cookie cannot exceed 4K. Many browsers limit a site to storing a maximum of 20 cookies. Session is stored on the server and the browser has no restrictions on it.

4. The data types are different. Cookies only support the storage of string data, while Session can store any data type.

5. The validity period is different. Cookies can be set to be kept for a long time, such as the automatic login function we often use. Sessions are generally effective for a short time and will become invalid when the client is closed or the Session times out.
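
The Session ID exchange described above, together with differences 1, 2 and 5, as an added example that is not part of the original article: the server keeps the data, the cookie carries only a random ID, and a missing, forged or expired ID is rejected and replaced. The cookie name `SESSIONID`, the 30-minute timeout and the in-memory `SESSIONS` dict are assumptions made for the sketch.

```python
import secrets
import time
from http.cookies import SimpleCookie

SESSION_TTL = 1800          # assumed idle timeout, in seconds
COOKIE_NAME = "SESSIONID"   # assumed cookie name
SESSIONS = {}               # server-side store: session ID -> (expiry, data)

def new_session(now):
    """Create server-side state and the Set-Cookie value that names it."""
    sid = secrets.token_urlsafe(32)          # unguessable ID from the OS CSPRNG
    SESSIONS[sid] = (now + SESSION_TTL, {"visits": 0})
    cookie = SimpleCookie()
    cookie[COOKIE_NAME] = sid
    cookie[COOKIE_NAME]["httponly"] = True   # hide the ID from page scripts
    cookie[COOKIE_NAME]["secure"] = True     # send only over HTTPS
    cookie[COOKIE_NAME]["samesite"] = "Lax"
    cookie[COOKIE_NAME]["path"] = "/"
    return sid, cookie[COOKIE_NAME].OutputString()

def handle_request(cookie_header, now=None):
    """Return (session data, Set-Cookie value or None) for one request."""
    now = time.time() if now is None else now
    sid = None
    if cookie_header:
        jar = SimpleCookie()
        jar.load(cookie_header)              # parse the request's Cookie header
        if COOKIE_NAME in jar:
            sid = jar[COOKIE_NAME].value
    entry = SESSIONS.get(sid)
    if entry and entry[0] > now:
        # Known, unexpired ID: slide the timeout and reuse the stored state.
        data = entry[1]
        SESSIONS[sid] = (now + SESSION_TTL, data)
        set_cookie = None
    else:
        # Missing, forged or expired ID: discard it and issue a fresh session.
        SESSIONS.pop(sid, None)
        sid, set_cookie = new_session(now)
        data = SESSIONS[sid][1]
    data["visits"] += 1
    return data, set_cookie
```
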
