Why do you need a session when you have a cookie?

Session persistence can be accomplished with a cookie purely on the client side, so why do you need a session on the server?
The way a session works:
  1. The session generates a session_id cookie for the client to save; the next time it makes a request, the client sends this session identifier to the server, and the server looks up the session by it.
  2. Session persistence can certainly also be achieved without using a session.
  3. Maybe you'll bring up security. But that's what I don't understand. The following is my personal test:

Log in to a website and copy that site's cookie. Open the site (not logged in) in another browser, fill in the copied cookie, and refresh the page; the site is now logged in. (I don't mean all websites, just certain sites.)
As long as you steal the cookie, you can hijack the session. By the same token, if you only use a cookie, the same is true: as long as you steal the cookie, you can impersonate the login.
If you steal the cookie, both the session and the cookie can be impersonated, so why do you need a session? I have read a lot of articles about sessions and cookies in general. Can anyone who really understands this principle tell this rookie the real answer?

Jul. 11, 2021

  1. With a session, you only need to save an id on the client side; in fact, a large amount of data is stored on the server side. If you used cookies for everything, the client would not have that much space when the amount of data is large.
  2. A cookie is just one of the ways of implementing a session. Although it is the most commonly used, it is not the only way.
  3. Everything is saved on the client side and cannot be verified by the server, which makes it easier to forge and counterfeit. (It's hard to forge a random id, but it's easy to forge another user name.)
  4. Everything is saved on the client, so once hijacked, all the information is leaked.
  5. The larger the amount of data on the client side, the larger the amount of data transmitted over the network.
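The contrast in points 1 and 3 above, as an added example that is not part of the original answers: a cookie-only scheme trusts whatever identity the client sends, while a server-side session maps an unguessable random id to data the server holds, so an edited cookie maps to nobody and the server can revoke a stolen id. The `SessionStore` class and the `demo` scenario are constructed for illustration.

```python
"""Cookie-only login state vs. server-side session keyed by a random id."""
import secrets


# --- Scheme A: the identity itself lives in the cookie (what the question proposes) ---
def cookie_only_login(username: str) -> dict:
    """Cookie the server sets after login: the user name in the clear."""
    return {"user": username}


def cookie_only_current_user(cookie: dict):
    """The server reads identity straight out of the cookie; nothing to verify it against."""
    return cookie.get("user")


# --- Scheme B: the cookie carries only a session id; the data stays on the server ---
class SessionStore:
    def __init__(self):
        self._sessions = {}  # session_id -> server-side data

    def login(self, username: str) -> dict:
        """Create a session; only the random id (256 bits) goes to the client."""
        sid = secrets.token_urlsafe(32)
        self._sessions[sid] = {"user": username, "cart": []}
        return {"session_id": sid}

    def current_user(self, cookie: dict):
        """Look the id up; an id the server never issued resolves to no user."""
        data = self._sessions.get(cookie.get("session_id", ""))
        return data["user"] if data else None

    def logout(self, cookie: dict) -> None:
        """Server-side invalidation: a copied id stops working once the session is destroyed."""
        self._sessions.pop(cookie.get("session_id", ""), None)


def demo() -> dict:
    """Constructed scenario: alice logs in under both schemes, then a cookie is edited by hand."""
    forged_a = {"user": "admin"}  # cookie-only: just write another user name
    store = SessionStore()
    b_cookie = store.login("alice")
    forged_b = {"session_id": "admin"}  # session: an id the server never issued
    result = {
        "cookie_only_forged": cookie_only_current_user(forged_a),  # 'admin' is accepted
        "session_forged": store.current_user(forged_b),  # None: unknown id
        "session_valid": store.current_user(b_cookie),  # 'alice'
    }
    store.logout(b_cookie)  # server drops the session; the same cookie is now worthless
    result["after_logout"] = store.current_user(b_cookie)  # None
    return result
```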

The answer above is more or less right. In addition, session data disappears when the browser is closed, but a cookie's does not, and the amount of data the two can store is somewhat different.
