[Web] Cookie and Session

Rex Chiang
Feb 14, 2022

HTTP is a stateless protocol, so by itself it can't keep a record of a user's actions on the internet. Cookies and sessions are the key to overcoming this limitation.

Cookie

  1. When a user uses a browser (client) to log in to or visit a website (server), the server sets up a cookie containing the user information, then returns the cookie to the client, where the browser saves it.
  2. The next time the user visits the website, the request carries the cookie to the server, and the server uses the user information in the cookie to identify the user.
  • User information is saved on the client side (browser).
  • Each cookie can only be used for a specific domain.
  • Has a limited lifetime, which can be set when the cookie is generated.
  • Is easy to tamper with from the client side.
  • If the cookie is lengthy, it will affect transport efficiency.

Session

  1. When a user uses a browser (client) to log in to or visit a website (server), the server sets up a session containing the user information and a cookie containing the corresponding session ID, then returns the cookie to the client, where the browser saves it.
  2. The next time the user visits the website, the request carries the cookie to the server, and the server uses the session ID in the cookie to identify the user.
  • User information is saved on the server side (website).
  • Has a limited lifetime, which depends on the server settings.
  • Is hard to tamper with from the client side.
  • If the number of requests increases, it will affect the server's efficiency.
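The two flows above, side by side, as an added example (not code from the original post). It shows why user information stored in a cookie can be edited by the client, while a session cookie carries only a random ID that the server looks up and expires. The function names, the `sid` cookie name, the in-memory store and the 1800-second lifetime are assumptions made for illustration.

```python
import secrets
import time
from http.cookies import SimpleCookie

SESSION_TTL = 1800   # seconds; assumed lifetime for this example
_sessions = {}       # server-side store: session ID -> (user info, expiry time)

def login_with_cookie(user, role):
    """Cookie flow: the user information itself is sent to the browser."""
    c = SimpleCookie()
    c["user"], c["role"] = user, role
    for name in c:
        c[name]["max-age"] = SESSION_TTL   # lifetime set when the cookie is generated
    return c

def role_from_cookie(cookie_header):
    """Server trusts whatever role the client sends back in the Cookie header."""
    c = SimpleCookie(cookie_header)
    return c["role"].value if "role" in c else None

def login_with_session(user, role, now=None):
    """Session flow: user information stays on the server, only an ID is sent."""
    now = time.time() if now is None else now
    sid = secrets.token_urlsafe(32)        # unguessable random session ID
    _sessions[sid] = ({"user": user, "role": role}, now + SESSION_TTL)
    c = SimpleCookie()
    c["sid"] = sid
    c["sid"]["httponly"] = True            # not readable by page scripts
    c["sid"]["secure"] = True              # only sent over HTTPS
    return c

def role_from_session(cookie_header, now=None):
    """Server looks the ID up; unknown or expired IDs identify nobody."""
    now = time.time() if now is None else now
    c = SimpleCookie(cookie_header)
    sid = c["sid"].value if "sid" in c else None
    entry = _sessions.get(sid)
    if entry is None or entry[1] <= now:
        _sessions.pop(sid, None)           # drop expired entries
        return None
    return entry[0]["role"]

if __name__ == "__main__":
    # Constructed Cookie headers, as a browser would send them back.
    print(role_from_cookie("user=alice; role=admin"))   # value edited on the client
    sid = login_with_session("alice", "user")["sid"].value
    print(role_from_session(f"sid={sid}"), role_from_session("sid=guessed"))
```
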
