views:

241

answers:

4

When i create a session variable where is saved username and password, how does it works internally? Same question about regular cookies where information is saved. Which type of information are included in coookie and session? What is the difference between them?

+3  A: 

To sum it up a cookie is a file on the client's computer. You can store whatever in it (objects, text...). A session object can be stored in a cookie in the same way you can store some text. Keep in mind that session != cookie because sometimes you can store a session object in the database.

But still, you'll have to read up some documentation, I think.

Seen on wikipedia:

In computing, a cookie (also tracking cookie, browser cookie, and HTTP cookie) is a small piece of text stored on a user's computer by a web browser. A cookie consists of one or more name-value pairs containing bits of information such as user preferences, shopping cart contents, the identifier for a server-based session, or other data used by websites.

It is sent as an HTTP header by a web server to a web browser and then sent back unchanged by the browser each time it accesses that server. A cookie can be used for authenticating, session tracking (state maintenance), and remembering specific information about users, such as site preferences or the contents of their electronic shopping carts. The term "cookie" is derived from "magic cookie", a well-known concept in UNIX computing which inspired both the idea and the name of browser cookies. Some alternatives to cookies exist; each has its own uses, advantages, and drawbacks.

Being simple pieces of text, cookies are not executable. They are neither spyware or viruses, although cookies from certain sites are detected by many anti-spyware products because they can allow users to be tracked when they visit various sites.

Most modern browsers allow users to decide whether to accept cookies, and the time frame to keep them, but rejecting cookies makes some websites unusable. For example, shopping carts or login systems implemented using cookies do not work if cookies are disabled.

marcgg
A: 

Generally, session data is stored on the server, and it uses a tracking cookie to attach a user with the data. Cookies on the other hand are set directly in the user's browser.

One key difference: Session variables generally can't be seen by the end user, but cookies can(with the right browser plugin)

Also, if you have multiple front-end web servers, cookies will be sent to all front end servers, but session data is not shared between them without extra work.

Jesse Weigert
+2  A: 

The best article on sessions and cookies I ever found is

http://shiflett.org/articles/the-truth-about-sessions

pMan