Are session and cookies the same thing?_问答_开发者

Since session and cookies are both used to store temporary data, wh开发者_高级运维at is the difference between them?

As for may knowledge:

If you set the variable to "cookies", then your users will not have to log in each time they enter your community.

The cookie will stay in place within the user’s browser until it is deleted by the user.

But Sessions are popularly used, as the there is a chance of your cookies getting blocked if the user browser security setting is set high.

If you set the variable to "sessions", then user activity will be tracked using browser sessions, and your users will have to log in each time they re-open their browser. Additionally, if you are using the "sessions" variable, you need to secure the "sessions" directory, either by placing it above the web root or by requesting that your web host make it a non-browsable directory.

The Key difference would be cookies are stored in your hard disk whereas a session aren't stored in your hard disk. Sessions are basically like tokens, which are generated at authentication. A session is available as long as the browser is opened.

hope following links will further clarifying your doubts

http://wiki.answers.com/Q/What_is_the_difference_between_session_and_cookies http://www.allinterview.com/showanswers/74177.html

Cookies store a user's data on their computer.

Session implementations store a user's temporary data on a server (or multiple servers, depending on the configuration).

In each HTTP response, the server has the opportunity to add a header Set-Cookie: {cookie-name}={cookie-data}; {cookie-options}.

The browser will, in every subsequent HTTP request (or as specified by the options), add a header Cookie: {cookie-name}={cookie-data}.

Request #1:

POST /auth/login HTTP/1.1
Host: www.example.com

username=Justice&password=pass1234

Response #1:

HTTP/1.1 307 Temporary Redirect
Set-Cookie: user_id=928
Location: http://www.example.com/dashboard

Request #2:

GET /dashboard HTTP/1.1
Host: www.example.com
Cookie: user_id=928

Response #2:

HTTP/1.1 200 OK
Content-Type: text/html

<html>
  <head>...</head>
  <body>...</body>
</html>

All future requests will also include the Cookie header.

Cookies are stored on the client as either small text files on the files system (persistent cookies) or in the browsers memory (non-persistent cookies) and passed to the server and returned to the client with each request and response. Persistent cookies will still be available between browser sessions as long as the expiry date has not passed. Non-persistent cookies will be lost once the browser is closed.
Session is stored on the server in memory. Cookies are very often used as a way of preserving the reference to the users session between requests however this can also be done with querystring parameters if cookies are disabled on a clients browser.

A cookie is client side a session is server side

Sessions are stored server side. You can have inproc sessions, which will be stored in memory, or you can store the sessions in an SQL database. You can read more here.

Cookies are stored on the client's computer. This means that it's not recommended to store important details in a cookie, because clients could easily manipulate them.

Cookies are a small text file stored on the client that can hold domain specific information,

a session is held server side in either memory, a database or a seperate server and keyed via a session key, they are meant only to persist for a 'session' where as a cookie can persist for a length of time or indefinately therefore being usable in multiple sessions.

They are not the same thing. A Session is a concept whereby the state of a single user's browsing session is stored.

Cookies are a good means of implementing this concept, thus the widespread practice of "Session cookies".

The main difference between data stored in session and cookies is that data stored in session is stored on the server side (user can't operate on such data), while cookies are stored on a client side. They might be manipulated somehow by user. If you have a really sensitive data - then store it in session. But all other data you can store in cookies not to overload the server.