Django - 数据库支持的会话和基于Cookie的会话之间的区别？ [英] Django - Difference between Database backed sessions and Cookie Based Session?

问题描述

正在通过Django文档，发现这个 https://docs.djangoproject.com/en/1.4/topics/http/sessions/#using-database-backed-sessions 。数据库支持的会话和基于cookie的会话有什么区别？一个人的优势是什么？有什么缺点？

Was going through Django Documentation and found this "https://docs.djangoproject.com/en/1.4/topics/http/sessions/#using-database-backed-sessions". What is the difference between database backed sessions and cookie based sessions? What is the advantage of one over the other? And what are the disadvantages?

推荐答案

Cookie会话

• 将数据存储在客户端/用户端


• 当您拥有一组网络服务器时，可以顺利运行


• 浏览器通常将Cookie限制为每个域最大大小约4千字节


• Cookie可设置为长使用寿命，这意味着存储在cookie中的数据可以存储数月如果不是几年（用户可以清除Cookie）


• 有些容易被黑客入侵

• Store their data on the client/user end
• Work smoothly when you have a cluster of web servers
• Browsers typically limit cookies to a maximum size of around 4 kilobytes per domain
• Cookies can be set to a long lifespan, which means that data stored in a cookie can be stored for months if not years (Users can clear cookies though)
• Somewhat easily hacked

数据库会话

• 存储数据服务器端


• 其中一个Web服务器处理第一个请求，集群中的其他Web服务器将不具有存储的信息


• 客户端无权访问您存储的关于它们的信息，因此更适合敏感数据。


• 数据不必每次请求时从客户端到服务器（cli只需要发送一个ID，数据从本地文件中加载）


• 可以是任何大小

• Store their data server side
• One of your web servers handles the first request, other web servers in your cluster will not have the stored information
• Clients do not have access to the information you store about them and therefore better for sensitive data.
• Data doesn't have to travel from client to server on each request (clients just need to send an ID and the data is loaded from the local file)
• Can be any size

最后归结为：当您第二天访客回来时，您希望数据能够正常工作吗？如果是这样，那么您唯一的选择就是Cookie - 如果您有任何特别敏感的信息，最好的办法是将其存储在数据库中，然后使用cookie存储ID号以引用数据[或需要它们记录在看到信息]。如果您不需要半永久性数据，那么数据库会话通常是首选的，因为它们更容易使用，不需要将数据全部发送到每个页面，并且一旦您的访问者也被清理关闭他们的网络浏览器。

In the end it comes down to: "do you want your data to work when you visitor comes back the next day? If so, then your only choice are cookies - if you have any particularly sensitive information, your best bet is to store it in a database, then use the cookie to store an ID number to reference the data [or have them be required to log in to see said information]. If you do not need semi-permanent data, then database sessions are generally preferred, as they are a little easier to use, do not require their data to be sent in entirety with each page, and are also cleaned up as soon as your visitor closes their web browser."

更多信息：

http://php.about.com/od/learnphp/qt/session_cookie.htm

http://wonko.com/post/why -you-might-shouldnt-use-cookies-to-store-session-data

http://www.tuxradar.com/practicalphp/10/1/0

这篇关于Django - 数据库支持的会话和基于Cookie的会话之间的区别？的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！