Hidden input fields vs Session Vs Cookie


Question

What are the pros and cons of storing data in:

  1. Hidden input fields
  2. Cookies/local storage
  3. Server-side sessions

Recommended answer

These three are not mutually exclusive.

A hidden input is just HTML sent to the client. It does not appear on the page to the end-user, but it is entirely accessible to the client. Meaning that the user can see it (just as they can see any HTTP response from your server) by using the View Source feature in their browser.

A cookie is just another HTTP header consisting of a cookie name/value pair, that can be sent back and forth between the client and server in every request/response. This is also visible to the end-user by checking the HTTP headers from their browser's developer tools.

The term session, on its own, is dubious, because there can be client-side sessions (stored in the client's browser like with HTML5 Sessions) or it can be a server-side session.

In PHP, the session functions that you're probably referring to store the session data on the server, but send only an identifier to the client that is associated with their session. This is the session_id that is usually sent back to the client as a cookie.

All three of these things typically work together in conjunction to do various things. So asking, which is better, is like asking which part of my car is better; the engine, the wheels, or the steering column?

In order to know how something is better you must be able to relate it to something else. Otherwise, the question makes no sense.

If you're asking when it would be appropriate to use things and for what then the answer depends on what your needs are.

  1. Sessions
    • Use server-side sessions to store information that you don't want the client to have direct control over or access to, but must be retained to facilitate application state. This is generally viewed as temporary or ephemeral storage so it is not critical for your application code to function, but is necessary to maintain state for the user between HTTP requests. Remember that a PHP session relies on cookies by default. So the question isn't do I use a cookie or a session, but more so... what is a session typically used for.
  • Use cookies to store temporary values that you want the client to hold on to between requests. When you send a cookie, the browser will hold on to that cookie until the Expire header is reached or the end-user decides to delete it. So this is useful for storing small, short-lived data, that only matters to your UI components primarily, but the server need be informed of them during load times. This could be things like language settings, turn audio on/off, color preferences, etc...
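  • Use hidden inputs when you don't need the end-user to see or interact with the input field on the page, but the server still expects that value to be sent. This is typically used for things like CSRF tokens, or any value the server expects to get back but that the user doesn't need to know or provide up front. These values are usually sent by the server on the initial page load.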

When the question changes from "which is better" to "what are the uses of each" the answers generally start to become a lot more meaningful, because you will more than likely use all of them.
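
How the three pieces described in the answer can work together on one PHP page, as an added example that is not part of the original answer. The cookie and field names (`ui_lang`, `csrf_token`) and the language list are assumptions made for illustration.

```php
<?php
// Constructed example; names such as ui_lang and csrf_token are illustrative.
// 1. Server-side session: $_SESSION stays on the server and the browser
//    receives only the session ID, by default in a cookie.
session_start([
    'cookie_httponly' => true,   // keep the session ID away from page scripts
    'cookie_samesite' => 'Lax',
    'use_strict_mode' => true,   // refuse session IDs the server did not issue
]);
// State the client must not control lives in the session.
if (!isset($_SESSION['csrf_token'])) {
    $_SESSION['csrf_token'] = bin2hex(random_bytes(32));
}

// 2. Cookie: a small UI preference held by the client. It is client-controlled
//    input, so check it against an allow-list before using it.
$allowed = ['en', 'fr', 'de'];
$lang = $_COOKIE['ui_lang'] ?? 'en';
if (!in_array($lang, $allowed, true)) {
    $lang = 'en';
}

$message = '';
if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    // 3. Hidden input: the value comes back from the client, so it is compared
    //    with the server-side copy rather than trusted.
    $sent = $_POST['csrf_token'] ?? '';
    if (!is_string($sent) || !hash_equals($_SESSION['csrf_token'], $sent)) {
        http_response_code(403);
        exit('Invalid CSRF token');
    }
    $choice = $_POST['lang'] ?? '';
    if (is_string($choice) && in_array($choice, $allowed, true)) {
        $lang = $choice;
        setcookie('ui_lang', $lang, ['expires' => time() + 2592000, 'path' => '/', 'samesite' => 'Lax']);
        $message = 'Preference saved: ' . $lang;
    }
}
?>
<form method="post">
  <input type="hidden" name="csrf_token" value="<?= htmlspecialchars($_SESSION['csrf_token'], ENT_QUOTES) ?>">
  <select name="lang">
    <?php foreach ($allowed as $code) echo "<option>$code</option>"; ?>
  </select>
  <button>Save</button>
</form>
<p><?= htmlspecialchars($message, ENT_QUOTES) ?></p>
```

Serving the file with `php -S localhost:8000` and editing the hidden field in the browser's developer tools before submitting produces the 403 response, because the session copy on the server no longer matches.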
