HTTP COOKIES

Cookie是网站用于在浏览器上存储状态信息的键/值对。
假设您有一个网站（example.com），当浏览器请求网页时，网站可以发送Cookie以在浏览器上存储信息。

浏览器请求示例：

  GET /index.html HTTP / 1.1 
主机：www.example.com 
 

服务器回答示例：

  HTTP / 1.1 200 OK 
 Content-type：text / html 
 Set-Cookie：foo = 10 
 Set-Cookie：bar = 20; Expires = Fri，30 Sep 2011 11:48:00 GMT 
 ...响应的其余部分
 

这里，两个cookie foo = 10和bar = 20存储在浏览器中。第二个将于9月30日到期。

  GET /spec.html HTTP / 
在每个后续请求中，浏览器会将Cookie发送回服务器。 1.1 
主机：www.example.com 
 Cookie：foo = 10; bar = 20 
接受：* / * 
 

SESSIONS：服务器端Cookie

服务器端Cookie被称为会话。在这种情况下，网站在浏览器上存储一个cookie，其中包含唯一的会话标识符。状态信息（上面的foo = 10和bar = 20）存储在服务器上，会话标识符用于将请求与存储在服务器上的数据进行匹配。

使用示例

您可以使用会话和cookie存储：身份验证数据，用户首选项，电子商务网站中的图表内容等...

优点和缺点

下面的解决方案的利弊。

Cookie优点：

• 可伸缩性：所有数据都存储在浏览器中，因此每个请求都可以通过负载均衡器访问不同的网络服务器，并且您拥有完全填充请求所需的所有信息;


• 可以通过浏览器上的javascript访问;


• 不在服务器上，可在服务器重新启动后保存;


• RESTful：请求不依赖于服务器状态

Cookie缺点：

• 存储空间有限到80 KB（20个Cookie，每个4 KB）


• 安全Cookie不容易实施：请参阅论文安全Cookie协议

会话优惠：
$ b

• 通常更容易使用，在PHP中可能没有太大区别。 b

会话缺点：

• 不是RESTful



• 在网络服务器重新启动时您可能会丢失所有会话， / ul>
  

  What is the difference between server side cookie and client side cookie? Can you please explain with examples.

  HTTP COOKIES

  Cookies are key/value pairs used by websites to store state informations on the browser. Say you have a website (example.com), when the browser requests a webpage the website can send cookies to store informations on the browser.

  Browser request example:

  GET /index.html HTTP/1.1
  Host: www.example.com
  

  Example answer from the server:

  HTTP/1.1 200 OK
  Content-type: text/html
  Set-Cookie: foo=10
  Set-Cookie: bar=20; Expires=Fri, 30 Sep 2011 11:48:00 GMT
  ... rest  of the response
  

  Here two cookies foo=10 and bar=20 are stored on the browser. The second one will expire on 30 September. In each subsequent request the browser will send the cookies back to the server.

  GET /spec.html HTTP/1.1
  Host: www.example.com
  Cookie: foo=10; bar=20
  Accept: */*
  

  SESSIONS: Server side cookies

  Server side cookies are known as "sessions". The website in this case stores a single cookie on the browser containing a unique Session Identifier. Status information (foo=10 and bar=20 above) are stored on the server and the Session Identifier is used to match the request with the data stored on the server.

  Examples of usage

  You can use both sessions and cookies to store: authentication data, user preferences, the content of a chart in an e-commerce website, etc...

  Pros and Cons

  Below pros and cons of the solutions. These are the first that comes to my mind, there are surely others.

  Cookie Pros:

  • scalability: all the data is stored in the browser so each request can go through a load balancer to different webservers and you have all the informations needed to fullfill the request;
  • they can be accessed via javascript on the browser;
  • not being on the server they will survive server restarts;
  • RESTful: requests don't depend on server state

  Cookie Cons:

  • storage is limited to 80 KB (20 cookies, 4 KB each)
  • secure cookies are not easy to implement: take a look at the paper A secure cookie protocol

  Session Pros:

  • generally easier to use, in PHP there's probably not much difference.
  • unlimited storage

  Session Cons:

  • more difficult to scale
  • on web server restarts you can lose all sessions or not depending on the implementation
  • not RESTful