Session and Cookies

Tram Ho

In the topic of “Session and Cookies” I will go from general to detailed.

Within the scope of this article, I will give an overview of the concepts, how they work, their applications, and whether you should use sessions or cookies in your application. In the following article I will present Session and Cookies in Ruby on Rails and go into the details there.

1. Session

a. Concept

A session is a simple way to store a variable and make it available from page to page. With a normal variable, when a web page starts executing, the variable is allocated memory and stores its value, and the memory is reclaimed after the page finishes. A session is different: it is created and lives on the server, persists from page to page, and is lost only when we delete it or when its lifetime ends (it times out, or the user leaves the site or closes the application). For more information about sessions, please refer to Wikipedia: https://en.wikipedia.org/wiki/Session_(computer_science)

b. So how does Session work?

A generated session is stored on the server in a file whose name is long, unpredictable and randomly generated; that name is the session id. On the client computer, a cookie is generated whose content (value) is exactly the session id, so that the server can match each session to its client. Each web programming language specifies its own cookie name, for example PHPSESSID in PHP and JSESSIONID in JSP, … The values of the session variables are stored in that file (unlike normal variables, which are stored in server memory). In PHP, the file is stored in the directory set in php.ini (parameter session.save_path). (In the following article I will go into Session details in Rails.)

c. Application

One of the typical applications is managing member login and logout, which most websites must have. For tasks that are available only to verified members, we need to ask the member to log in to the system. If we used only a regular variable, the member would have to log in every time. With a session, a session variable (for example, user_id) is created after login and exists from page to page, so when another task also requires login, we just need to check whether this user_id variable exists. If it does not exist yet, the member must log in.

In the previous section, the concept of Cookies was mentioned. So what is a cookie and how does it work on the web?

2. Cookies

a. Concept

A cookie is a piece of data stored on the client. Every time the client sends a request to a certain server, it sends the data stored in the cookie corresponding to that server.

A cookie has the following parameters:

- The URL that the browser will send the cookie to
- Cookie expiration time
- Variable: values are stored continuously

For more information about cookies, please visit wikipedia: https://en.wikipedia.org/wiki/HTTP_cookie

b. How it works

Unlike data sent from a form (POST or GET), a cookie is sent automatically by the browser every time you access the server. While the application is running, the value of a cookie may be changed. A cookie is discarded when the browser window controlling it closes and the cookie expires. By default, a cookie "lives" until the browser window using it is closed. However, a time parameter can be set so that the cookie lives longer (for example, 6 months). The "Remember ID & Password" mode of some websites is an example.

c. Application

People often use cookies to store information that spans different sessions (across multiple opening and closing sessions). Because HTTP is a stateless protocol (every time a request from a client has been processed, the connection is closed and the session may end), cookies were created to store a number of state variables and overcome this drawback.

So the problem here is “Should I use Cookies or Session”?

3. Using Session or Cookies?

Whether to use Session or Cookie is the developer's choice, but Session is often preferred over Cookie for a number of reasons:

- In some cases, cookies cannot be used. The browser may have been set to not accept cookies, in which case a session is still usable by passing the session ID between the pages of the website via the URL.
- Amount of data transferred between browser and server: only the session ID is transmitted between browser and server; the data itself is stored on the server by the website.
- Security: the less information is transmitted between the browser and the server the better, and the less information is stored at the client the better.
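The mechanism from sections 1.b and 1.c, as an added example that is not code from the original article (plain Ruby, not Rails): the server keeps the data under a random session id and the cookie carries only that id. The cookie name APPSESSID, the 30-minute lifetime and the in-memory hash standing in for the session files are assumptions.

```ruby
require "securerandom"

# Added example: an in-memory stand-in for the server-side session files.
# COOKIE_NAME and TTL are assumed values, not taken from the article.
class SessionStore
  COOKIE_NAME = "APPSESSID"
  TTL = 30 * 60 # seconds a session lives without activity

  def initialize
    @sessions = {} # session id => { data: Hash, expires_at: Time }
  end

  # Login: create the session on the server, return its unpredictable id.
  def create(data, now = Time.now)
    sid = SecureRandom.hex(32) # 256 bits from the OS CSPRNG
    @sessions[sid] = { data: data, expires_at: now + TTL }
    sid
  end

  # Only the id goes to the client. Without Expires/Max-Age the browser drops
  # the cookie on close; HttpOnly hides it from scripts, Secure from plain HTTP.
  def set_cookie_header(sid)
    "Set-Cookie: #{COOKIE_NAME}=#{sid}; Path=/; HttpOnly; Secure; SameSite=Lax"
  end

  # Every request: map the Cookie header back to the stored data.
  # Returns nil for a missing, unknown or expired id.
  def lookup(cookie_header, now = Time.now)
    pairs = cookie_header.to_s.split(/;\s*/).map { |p| p.split("=", 2) }
    sid = pairs.select { |p| p.size == 2 }.to_h[COOKIE_NAME]
    entry = @sessions[sid]
    if entry.nil? || now >= entry[:expires_at]
      @sessions.delete(sid) # expired sessions are reclaimed on the server
      return nil
    end
    entry[:expires_at] = now + TTL # sliding expiry on each request
    entry[:data]
  end

  # Logout: delete the server-side record so the id becomes useless.
  def destroy(sid)
    !@sessions.delete(sid).nil?
  end
end

# The check from section 1.c: a user_id in the session means "logged in".
def logged_in?(store, cookie_header, now = Time.now)
  (store.lookup(cookie_header, now) || {}).key?(:user_id)
end
```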

Above I have introduced the basic concepts, operation and applications of Session and Cookies in a web application. I hope you now have an overview of them.

Thank you for following the article.

Source : Viblo