Hidden input fields vs Session Vs Cookie


Question

What are the pros and cons of storing data in:

  1. Hidden input fields
  2. Cookies/local storage
  3. Server-side sessions

Recommended answer

These three are not mutually exclusive.

A hidden input is just HTML sent to the client. It does not appear on the page to the end-user, but it is entirely accessible to the client. Meaning that the user can see it (just as they can see any HTTP response from your server) by using the View Source feature in their browser.

A cookie is just another HTTP header consisting of a cookie name/value pair, that can be sent back and forth between the client and server in every request/response. This is also visible to the end-user by checking the HTTP headers from their browser's developer tools.

The term session, on its own, is dubious, because there can be client-side sessions (stored in the client's browser like with HTML5 Sessions) or it can be a server-side session.

In PHP, the session functions that you're probably referring to store the session data on the server, but send only an identifier to the client that is associated with their session. This is the session_id that is usually sent back to the client as a cookie.

All three of these things typically work together in conjunction to do various things. So asking, which is better, is like asking which part of my car is better; the engine, the wheels, or the steering column?

In order to know how something is better you must be able to relate it to something else. Otherwise, the question makes no sense.

If you're asking when it would be appropriate to use things and for what then the answer depends on what your needs are.

  1. Sessions
    • Use server-side sessions to store information that you don't want the client to have direct control over or access to, but must be retained to facilitate application state. This is generally viewed as temporary or ephemeral storage so it is not critical for your application code to function, but is necessary to maintain state for the user between HTTP requests. Remember that a PHP session relies on cookies by default. So the question isn't do I use a cookie or a session, but more so... what is a session typically used for.
  • Use cookies to store temporary values that you want the client to hold on to between requests. When you send a cookie, the browser will hold on to that cookie until the Expire header is reached or the end-user decides to delete it. So this is useful for storing small, short-lived data, that only matters to your UI components primarily, but the server need be informed of them during load times. This could be things like language settings, turn audio on/off, color preferences, etc...
  • Use hidden inputs when you don't need the end-user to see or interact with the input field on the page, but the server still expects the value to be sent. This is typically used for things like CSRF tokens, or any value the server expects to get back but that the user doesn't need to know or supply up front. These values are usually sent by your server on the initial page load.

When the question changes from "which is better" to "what are the uses of each" the answers generally start to become a lot more meaningful, because you will more than likely use all of them.
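
The following single-page PHP script is an added example, not part of the original answer. It shows the three mechanisms working together as the answer describes: the session holds what the client must not control, a cookie holds a UI preference, and a hidden input carries a CSRF token that is checked against the server-side copy. The `user_id` value, the language list and the `lang` cookie name are assumptions made for illustration.

```php
<?php
// Added example. Serve locally with: php -S 127.0.0.1:8000
declare(strict_types=1);

// The session cookie carries only the identifier; the data stays on the server.
session_set_cookie_params(['httponly' => true, 'samesite' => 'Lax']);
session_start();

// Server-side session: values the client must not be able to read or change.
$_SESSION['csrf'] ??= bin2hex(random_bytes(32));
$_SESSION['user_id'] ??= 42; // constructed value standing in for a logged-in user

// Cookie: a UI preference. The client can edit it, so check it against an allow-list.
$langs = ['en', 'de', 'fr'];
$lang = in_array($_COOKIE['lang'] ?? '', $langs, true) ? $_COOKIE['lang'] : 'en';

$message = '';
if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    // Hidden input: client-supplied, so compare it with the copy held in the session.
    $sent = $_POST['csrf'] ?? '';
    if (!is_string($sent) || !hash_equals($_SESSION['csrf'], $sent)) {
        http_response_code(403);
        exit('CSRF token mismatch');
    }
    // Preference from the form: validated first, then handed to the browser as a cookie.
    $choice = $_POST['lang'] ?? '';
    if (is_string($choice) && in_array($choice, $langs, true)) {
        setcookie('lang', $choice, ['expires' => time() + 86400 * 30,
                                    'httponly' => true, 'samesite' => 'Lax']);
        $lang = $choice;
    }
    // Identity is read from the session, never from a form field or a cookie.
    $message = sprintf('Saved language "%s" for user %d', $lang, $_SESSION['user_id']);
}
?>
<!doctype html>
<p><?= htmlspecialchars($message, ENT_QUOTES, 'UTF-8') ?></p>
<form method="post">
  <input type="hidden" name="csrf" value="<?= htmlspecialchars($_SESSION['csrf'], ENT_QUOTES, 'UTF-8') ?>">
  <select name="lang">
<?php foreach ($langs as $l): ?>
    <option<?= $l === $lang ? ' selected' : '' ?>><?= $l ?></option>
<?php endforeach ?>
  </select>
  <button>Save</button>
</form>
```

Editing the hidden `csrf` value in the browser before submitting produces the 403 response, while editing the `lang` cookie to an unlisted value simply falls back to `en`.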
