What is a session, and what mechanisms are there to implement a session?

 Today we will answer 3 questions 

What is a cookie and what is the process of using a cookie?

What is a session, and what mechanisms are there to implement a session?

What is the difference between session and cookie?

What is a cookie and what is the process of using a cookie?

Since the http protocol is a stateless protocol, if the client does not have a mechanism to save the user's access state when accessing the web application through the browser, it will not be able to continuously track the operation of the application. For example, when a user adds a product to a shopping cart, the web application must save the state of the shopping cart while the user browses other products, so that the user can continue to add products to the shopping cart.

 Cookie is a caching mechanism of the browser, which can be used to maintain the session between the client and the server. Since the next question will talk about session, it should be emphasized that cookie will save the session on the client side (session is to save the session on the server side)

Here are the most common login cases to explain the cookie usage process:

First, the user initiates a login request to the server in the client browser.

After the login is successful, the server will set the login user information in a cookie and return it to the client browser. After the client browser receives the cookie request, it will save the cookie locally (It may be memory or disk, depending on the specific usage.) When the web application is accessed again in the future, the client browser will bring the local cookie with it, so that the server can obtain user information based on the cookie

 What is a session, and what mechanisms are there to implement a session?

A session is a mechanism for maintaining a session between the client and the server. But unlike cookie storing session information locally on the client, session keeps the session on the browser side.

We also use the login case as an example to explain the usage process of the session:

First, the user initiates a login request in the client browser.

After the login is successful, the server will save the user information on the server and return a unique session identifier to the client browser.

The client browser will save this unique session identifier.

When accessing the web application again in the future, the client browser will bring this unique session identifier, so that the server can find user information based on this unique identifier.

Seeing this may cause questions: return the unique session identifier to the client browser, then save it, and bring it with you when you visit later, isn't this a cookie?

 

Yes, session is just a session mechanism. In many web applications, the session mechanism is implemented through cookies. That is to say, it only uses the function of the cookie, and does not use the cookie to complete the session preservation. Contrary to the mechanism in which the cookie saves the session on the client side, the session saves the session information to the server through the function of the cookie.

Furthermore, session is a mechanism for maintaining a session between the server and the client, and it can be implemented in different ways. Take the more popular small programs as an example to illustrate the implementation of a session:

First, after the user logs in, the user log-in information needs to be saved on the server side. Here we can use redis. For example, generate a userToken for the user, then save it to redis with userId as the key and userToken as the value, and bring the userToken back to the applet when it returns.

After receiving the userToken, the applet will cache it, and bring the userToken with it every time it accesses the back-end service.

In subsequent services, the server only needs to compare the userToken brought by the applet with the userToken in redis to determine the user's login status.

What is the difference between session and cookie?

After the explanation of the above two questions, this question is very clear

1)     Cookie is a caching mechanism provided by the browser. It can be used to maintain the session between the client and the server.

2)      Session refers to a mechanism for maintaining the session between the client and the server. It can be implemented through cookies or through Realize by other means.

If a cookie is used to implement the session, the session will be saved in the client browser and the session provided by the session mechanism is saved on the server.