Is there a tradeoff mechanism between session and cookie?


Problem description

I am getting a question, that is cookie is not secure enough and session is eating too much memory, is there a mechanism to do a tradeoff between those two?

I know a little difference between session and cookie, but I really have no idea.

Does anyone have an idea about this? Thanks in advance!

Solution

Not really - there is a huge difference between the two: one is server side, and the other is client side. That means two things:
1) Cookies are persistent - they can survive beyond the limits of the current session. So the user can turn his computer off, come back tomorrow and the cookies are still available when he connects to your site. This is great for shopping lists and so forth, and for low-security logins (such as this site). Sessions are not persistent - they expire after inactivity, or when the browser is closed.
2) Sessions are inherently more secure - because data does not leave the server, so it can't be intercepted, either in transit or by client-based tools (legitimate or otherwise). This is good for financial-based logins, credit card info, and so forth.

The "tradeoff" you talk about is not a fixed thing - it is down to the use to which your application will be put.


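Here you can get all the answers about cookies and sessions:

what is the relation between cookies and session? (http://www.codeproject.com/Answers/615021/what-is-the-relation-between-cookies-and-session#answer2)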
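
The server-side versus client-side split described in the first answer, as an added Python example that is not part of the original question or answers: the session cookie carries only a random ID while the data stays on the server and expires after inactivity, and a persistent cookie carries its data to the client. The names `SessionStore` and `sid`, the 15-minute timeout and the cookie attributes chosen are assumptions for illustration.

```python
import secrets
import time
from http.cookies import SimpleCookie

IDLE_TIMEOUT = 15 * 60  # assumed inactivity limit, in seconds


class SessionStore:
    """Server-side state; the browser only ever holds an opaque random ID."""

    def __init__(self, idle_timeout=IDLE_TIMEOUT, clock=time.monotonic):
        self._entries = {}  # session ID -> [last_seen, data]
        self._idle_timeout = idle_timeout
        self._clock = clock

    def create(self, data):
        sid = secrets.token_urlsafe(32)  # unguessable, carries no user data
        self._entries[sid] = [self._clock(), dict(data)]
        return sid

    def load(self, sid):
        entry = self._entries.get(sid)
        if entry is None:
            return None
        if self._clock() - entry[0] > self._idle_timeout:
            del self._entries[sid]  # expired after inactivity: free the memory
            return None
        entry[0] = self._clock()  # activity resets the idle timer
        return entry[1]


def session_cookie(sid):
    """Set-Cookie value with no Max-Age/Expires: gone when the browser closes."""
    jar = SimpleCookie()
    jar["sid"] = sid
    jar["sid"]["path"] = "/"
    jar["sid"]["samesite"] = "Lax"
    jar["sid"]["httponly"] = True  # not readable by page scripts
    jar["sid"]["secure"] = True    # sent over HTTPS only
    return jar["sid"].OutputString()


def persistent_cookie(name, value, days):
    """Set-Cookie value whose data lives on the client and survives restarts."""
    jar = SimpleCookie()
    jar[name] = value
    jar[name]["path"] = "/"
    jar[name]["max-age"] = days * 86400
    jar[name]["secure"] = True
    return jar[name].OutputString()
```

Memory use on the server grows with the number of live entries in `SessionStore`, which is why the idle timeout deletes expired sessions instead of only refusing them.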

