World's most popular travel blog for travel bloggers.

Explain the difference between Session and Cookie.

, , No Comments

Differences between Session and cookie, MCS-051

Data on server-sidedata on client side
unlimited side of data as per as server capabilitylimited support for data data handling
It can store any type of dataonly text
age of data is not fixed .fixed
destroy after session timeout or logoutremains on client machine
less data traveling over the networkAll cookie need to travel each time client sends request to server.
More secure mechanism to session trackingless secure

For 4 Marks above chart is enough, Find below the detail for understanding the concept of both

A cookie is simply a short text string that is sent back and forth between the client and the server. You could store name=bob&password=asdf in a cookie and send that back and forth to identify the client on the server side. You could think of this as carrying on an exchange with a bank teller who has no short term memory, and needs you to identify yourself for each and every transaction. Of course using a cookie to store this kind information is horrible insecure. Cookies are also limited in size.
Now, when the bank teller knows about his/her memory problem, He/She can write down your information on a piece of paper and assign you a short id number. Then, instead of giving your account number and driver's license for each transaction, you can just say "I'm client 12"
Translating that to Web Servers: The server will store the pertinent information in the session object, and create a session ID which it will send back to the client in a cookie. When the client sends back the cookie, the server can simply look up the session object using the ID. So, if you delete the cookie, the session will be lost.
One other alternative is for the server to use URL rewriting to exchange the session id.
Suppose you had a link - You could go through the page and rewrite every URL as or even and exchange the identifier that way. This technique is handled by the web application container and is usually turned on by setting the configuration to use cookieless sessions.


Post a Comment

Let us know your responses and feedback