Purpose Of PHP Sessions and Cookies and Their Differences

Question

I am just starting to learn to program in PHP and have run into a slightly confusing area, Sessions and Cookies.

I understand the server-side and client-side storage differences, but I can't see how they differentiate and in what circumstances each would be appropriate.

Also, I have seen people say that the cookie could be used to store a session id. How would this be done and why would this be advantageous?

Thanks for any feedback.

Recommended answer

First of all, let's bust the longstanding myth (or at least I think it's an existing myth) that a session cookie is something different than a regular cookie. It is not. A session cookie is just a regular cookie. Only the properties of the session cookie that are set (or rather not set) are typically different. But the mechanism is exactly the same.

A cookie is set by sending an HTTP response header to the browser:

Set-Cookie: name=value[; possible expiration date][; other possible attributes]

What typically distinguishes a session-cookie from a regular cookie is that no expiration date is set (or the expiration date is set to a date in the past). Which means the browser will dispose of the cookie after closing the browser. But a 'regular' cookie can do this just as well. Thus thereby making it a 'session cookie' so to speak.

Now that we have that out of the way; the mechanism by which cookies are typically utilized by applications to make them act as even more of a session cookie, besides above mentioned properties, is that the value of the cookie only holds a uniquely identifiable value of some sort. Perhaps an md5 or maybe a sha1 hash.

Each time the browser requests a resource on the server it sends along this cookie (unless it has expired) with an HTTP request header like this:

Cookie: name=value

The session mechanisms in the backend (being PHP in your case) link the unique id of the cookie with data that has been stored in a file in the server's filesystem, or perhaps in a database. This way, each time the cookie is received it is able to retrieve this data and link it to the request.

The advantage of this is that sensitive information 1) can be hidden from not having to travel over the net, and 2) doesn't end up in the user's browser cookie cache, by keeping it at the server.

So, basically you want to send non-sensitive, and non-application-vital information in a regular cookie (think of: layout preferences, a non-persistent playlist such as on YouTube perhaps, etc.), and use a session to store sensitive information.

edit:
Sorry, ignore the "or the expiration date is set to a date in the past", as it was false. This will cause the cookie to immediately be invalidated by the browser, and thus not be sent along with requests anymore.
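
The mechanism described in this answer, as an added example that is not part of the original answer: a hand-rolled sketch of a session cookie that carries only an id while the data stays in a server-side file. The cookie name `sid`, the functions `start_session` and `load_session`, the temp-directory store and the `HttpOnly; Secure; SameSite` attributes are assumptions chosen for illustration; PHP's built-in `session_start()` does this work in real applications.

```php
<?php
declare(strict_types=1);

// Create server-side state and return the response header that hands out its id.
function start_session(string $dir, array $data): string
{
    $id = bin2hex(random_bytes(16)); // unguessable id from a CSPRNG (assumed format: 32 hex chars)
    file_put_contents("$dir/sess_$id", json_encode($data), LOCK_EX);
    // No Expires/Max-Age, so the browser discards the cookie when it closes.
    return "Set-Cookie: sid=$id; Path=/; HttpOnly; Secure; SameSite=Lax";
}

// Map the id in a request's Cookie header back to the stored data, or null.
function load_session(string $dir, string $cookieHeader): ?array
{
    $cookies = [];
    foreach (explode(';', substr($cookieHeader, strlen('Cookie:'))) as $pair) {
        [$name, $value] = array_pad(explode('=', trim($pair), 2), 2, '');
        $cookies[$name] = $value;
    }
    $id = $cookies['sid'] ?? '';
    // Accept only ids in the format issued above, so a cookie value never
    // reaches a filesystem path unvalidated.
    if (!preg_match('/\A[0-9a-f]{32}\z/', $id) || !is_file("$dir/sess_$id")) {
        return null;
    }
    $data = json_decode(file_get_contents("$dir/sess_$id"), true);
    return is_array($data) ? $data : null;
}

// Constructed demo: one login, then two requests.
$dir = sys_get_temp_dir() . '/demo_sessions_' . getmypid(); // hypothetical store
mkdir($dir, 0700);
$header = start_session($dir, ['user_id' => 42, 'role' => 'editor']);
echo $header, "\n";
preg_match('/sid=([0-9a-f]{32})/', $header, $m);

// A regular cookie (theme) carries its value; the session cookie carries only the id.
var_dump(load_session($dir, "Cookie: theme=dark; sid={$m[1]}"));
var_dump(load_session($dir, 'Cookie: theme=dark; sid=not-an-issued-id'));

array_map('unlink', glob("$dir/*"));
rmdir($dir);
```

Run from the command line, the first request resolves to the stored array and the second, whose id was never issued, resolves to nothing.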
