Questions about cookies and sessions.

Asked 2 years ago, Updated 2 years ago, 53 views

Hello, everyone While organizing various concepts, I came up with something I was curious about, so I'm posting it like this.

First, I will write down the cookies and sessions that I understood.

Session and cookie background: http protocol is stateless, so continuous? What to use for connection Session: One identifier is provided for each client as an identifier stored on the server side. Cookies: Identifiers stored on the client side can be stored up to 20 per domain (cookies themselves are stored up to 300, 4 kb per each)

As I searched various blogs, the information was mixed, so I tried to write it down as simple as possible.

As I understand it like this, I have a question.

1 Are cookies and sessions used 'always' at the same time? Cookies are said to store sessions on the client side and on the server side, but if only one is used

So the conclusion that I came up with on my own Cookies and sessions exist at the same time, and what identifiers are stored on the client side is considered as cookies and what is stored on the server side is a session, but I don't know if it's accurate even if I search it, so I'm posting questions like this.

2 Maintain this network? What other terms are there other than cookies and sessions?

Thank you!

network

2022-09-22 21:10

3 Answers

An example of using cookies to identify clients is

Sessions can be identified using a session just like cookies. The session does not identify the client.

When a login request is received, if the login information matches, the server creates a session.

The session stores the user ID, login time, IP, and so on.

When responding to a client, pass the session ID to the client, where the session can be found.

On the next request, the client requests the session ID together (whether using cookies or other methods).

The server uses this session ID to locate the session stored on the server.

The server application can read the information stored in this session to determine who is logged in.


2022-09-22 21:10

Cookie operation process

Fine Line Operation Process


2022-09-22 21:10

It's the action process when you use cookies.

Operation process when using the session.

The picture below is What and how deep are stored in the storage when each method is used?I've tried to distinguish them. How deep is the color?It's a distinction.

When using cookies, it was judged that the depth at which [client-side identification information] and [server-side identification information] were stored (level...?) was different, so it was expressed in different colors

When I used the session, [client-side session ID] and [server-side session ID] were judged to be the same depth (level), so I expressed it in the same color!


2022-09-22 21:10

If you have any answers or tips


© 2024 OneMinuteCode. All rights reserved.