Differences between cookies and sessions

Question

I am training in web developement and am learning about JSP  amp  Servlets  I have some knowledge of HttpSession - I have used it in some of my sample projects   In browsers I have seen the option to  delete cookies   If I delete the cookies it deletes the HttpSession also   Are cookies and session the same  What are the differences between them

User · Answer

A lot contributions on this thread already, just summarize a sequence diagram to illustrate it in another way.

The is also a good link about this topic, https://web.stanford.edu/~ouster/cgi-bin/cs142-fall10/lecture.php?topic=cookie

User · Answer

A cookie is simply a short text string that is sent back and forth between the client and the server   You could store name bob  password asdfas in a cookie and send that back and forth to identify the client on the server side   You could think of this as carrying on an exchange with a bank teller who has no short term memory  and needs you to identify yourself for each and every transaction   Of course using a cookie to store this kind information is horrible insecure   Cookies are also limited in size   Now  when the bank teller knows about his her memory problem  He She can write down your information on a piece of paper and assign you a short id number   Then  instead of giving your account number and driver s license for each transaction  you can just say  I m client 12   Translating that to Web Servers   The server will store the pertinent information in the session object  and create a session ID which it will send back to the client in a cookie  When the client sends back the cookie  the server can simply look up the session object using the ID   So  if you delete the cookie  the session will be lost   One other alternative is for the server to use URL rewriting to exchange the session id   Suppose you had a link - www myserver com myApp jsp   You could go through the page and rewrite every URL as www myserver com myApp jsp sessionID asdf or even www myserver com asdf myApp jsp and exchange the identifier that way   This technique is handled by the web application container and is usually turned on by setting the configuration to use cookieless sessions

User · Answer

A cookie is simply a short text string that is sent back and forth between the client and the server   You could store name bob  password asdfas in a cookie and send that back and forth to identify the client on the server side   You could think of this as carrying on an exchange with a bank teller who has no short term memory  and needs you to identify yourself for each and every transaction   Of course using a cookie to store this kind information is horrible insecure   Cookies are also limited in size   Now  when the bank teller knows about his her memory problem  He She can write down your information on a piece of paper and assign you a short id number   Then  instead of giving your account number and driver s license for each transaction  you can just say  I m client 12   Translating that to Web Servers   The server will store the pertinent information in the session object  and create a session ID which it will send back to the client in a cookie  When the client sends back the cookie  the server can simply look up the session object using the ID   So  if you delete the cookie  the session will be lost   One other alternative is for the server to use URL rewriting to exchange the session id   Suppose you had a link - www myserver com myApp jsp   You could go through the page and rewrite every URL as www myserver com myApp jsp sessionID asdf or even www myserver com asdf myApp jsp and exchange the identifier that way   This technique is handled by the web application container and is usually turned on by setting the configuration to use cookieless sessions

User · Answer

Sessions are server-side files that contain user information  while Cookies are client-side files that contain user information  Sessions have a unique identifier that maps them to specific users  This identifier can be passed in the URL or saved into a session cookie   Most modern sites use the second approach  saving the identifier in a Cookie instead of passing it in a URL  which poses a security risk   You are probably using this approach without knowing it  and by deleting the cookies you effectively erase their matching sessions as you remove the unique session identifier contained in the cookies

User · Answer

Google JSESSIONID   This will explain how the Servlet API initially uses URL re-writing and then  if cookies are enabled  cookies to manage sessions   HTTP is stateless so the client browser must send the id of its session to the server with each request   The server  through whatever means  uses this id to retrieve any data for that session making it available for the lifetime of the request

User · Answer

A cookie is simply a short text string that is sent back and forth between the client and the server   You could store name bob  password asdfas in a cookie and send that back and forth to identify the client on the server side   You could think of this as carrying on an exchange with a bank teller who has no short term memory  and needs you to identify yourself for each and every transaction   Of course using a cookie to store this kind information is horrible insecure   Cookies are also limited in size   Now  when the bank teller knows about his her memory problem  He She can write down your information on a piece of paper and assign you a short id number   Then  instead of giving your account number and driver s license for each transaction  you can just say  I m client 12   Translating that to Web Servers   The server will store the pertinent information in the session object  and create a session ID which it will send back to the client in a cookie  When the client sends back the cookie  the server can simply look up the session object using the ID   So  if you delete the cookie  the session will be lost   One other alternative is for the server to use URL rewriting to exchange the session id   Suppose you had a link - www myserver com myApp jsp   You could go through the page and rewrite every URL as www myserver com myApp jsp sessionID asdf or even www myserver com asdf myApp jsp and exchange the identifier that way   This technique is handled by the web application container and is usually turned on by setting the configuration to use cookieless sessions

User · Answer

Sessions are server-side files that contain user information  while Cookies are client-side files that contain user information  Sessions have a unique identifier that maps them to specific users  This identifier can be passed in the URL or saved into a session cookie   Most modern sites use the second approach  saving the identifier in a Cookie instead of passing it in a URL  which poses a security risk   You are probably using this approach without knowing it  and by deleting the cookies you effectively erase their matching sessions as you remove the unique session identifier contained in the cookies

User · Answer

Google JSESSIONID   This will explain how the Servlet API initially uses URL re-writing and then  if cookies are enabled  cookies to manage sessions   HTTP is stateless so the client browser must send the id of its session to the server with each request   The server  through whatever means  uses this id to retrieve any data for that session making it available for the lifetime of the request

User · Answer

Cookies are stored in browser as a text file format It is stored limit amount of data It is only allowing 4kb 4096bytes    COOKIE variable not will hold multiple cookies with the same name we can accessing the cookies values in easily So it is less secure The setcookie   function must appear BEFORE the  lt html gt    tag  Sessions are stored in server side It is stored unlimit amount of data It is holding the multiple variable in sessions  we cannot accessing the cookies values in easily So it is more secure

User · Answer

Cookie is basically a global array accessed across web browsers  Many a times used to send receive values  it acts as a storage mechanism to access values between forms  Cookies can be disabled by the browser which adds a constraint to their use in comparison to session   Session can be defined as something between logging in and logging out  the time between the user logging in and logging out is a session  Session stores values only for the session time i e before logging out   Sessions are used to track the activities of the user  once he logs on

User · Answer

A cookie is simply a short text string that is sent back and forth between the client and the server   You could store name bob  password asdfas in a cookie and send that back and forth to identify the client on the server side   You could think of this as carrying on an exchange with a bank teller who has no short term memory  and needs you to identify yourself for each and every transaction   Of course using a cookie to store this kind information is horrible insecure   Cookies are also limited in size   Now  when the bank teller knows about his her memory problem  He She can write down your information on a piece of paper and assign you a short id number   Then  instead of giving your account number and driver s license for each transaction  you can just say  I m client 12   Translating that to Web Servers   The server will store the pertinent information in the session object  and create a session ID which it will send back to the client in a cookie  When the client sends back the cookie  the server can simply look up the session object using the ID   So  if you delete the cookie  the session will be lost   One other alternative is for the server to use URL rewriting to exchange the session id   Suppose you had a link - www myserver com myApp jsp   You could go through the page and rewrite every URL as www myserver com myApp jsp sessionID asdf or even www myserver com asdf myApp jsp and exchange the identifier that way   This technique is handled by the web application container and is usually turned on by setting the configuration to use cookieless sessions

User · Answer

Session in Asp net   1 Maintains the data accross all over the application   2 Persists the data if current session is alive  If we need some data to accessible from multiple controllers acitons and views the session is the way to store and retreive data   3 Sessions are server side files that contains user information   Sessions are unique identifier that maps them to specific users   Translating that to Web Servers  The server will store the pertinent information in the session object  and create a session ID which it will send back to the client in a cookie  When the client sends back the cookie  the server can simply look up the session object using the ID  So  if you delete the cookie  the session will be lost

User · Answer

Sessions are server-side files that contain user information  while Cookies are client-side files that contain user information  Sessions have a unique identifier that maps them to specific users  This identifier can be passed in the URL or saved into a session cookie   Most modern sites use the second approach  saving the identifier in a Cookie instead of passing it in a URL  which poses a security risk   You are probably using this approach without knowing it  and by deleting the cookies you effectively erase their matching sessions as you remove the unique session identifier contained in the cookies

User · Answer

A lot contributions on this thread already, just summarize a sequence diagram to illustrate it in another way.

The is also a good link about this topic, https://web.stanford.edu/~ouster/cgi-bin/cs142-fall10/lecture.php?topic=cookie

User · Answer

Google JSESSIONID   This will explain how the Servlet API initially uses URL re-writing and then  if cookies are enabled  cookies to manage sessions   HTTP is stateless so the client browser must send the id of its session to the server with each request   The server  through whatever means  uses this id to retrieve any data for that session making it available for the lifetime of the request

User · Answer

Session in Asp net   1 Maintains the data accross all over the application   2 Persists the data if current session is alive  If we need some data to accessible from multiple controllers acitons and views the session is the way to store and retreive data   3 Sessions are server side files that contains user information   Sessions are unique identifier that maps them to specific users   Translating that to Web Servers  The server will store the pertinent information in the session object  and create a session ID which it will send back to the client in a cookie  When the client sends back the cookie  the server can simply look up the session object using the ID  So  if you delete the cookie  the session will be lost

User · Answer

Sessions are server-side files that contain user information  while Cookies are client-side files that contain user information  Sessions have a unique identifier that maps them to specific users  This identifier can be passed in the URL or saved into a session cookie   Most modern sites use the second approach  saving the identifier in a Cookie instead of passing it in a URL  which poses a security risk   You are probably using this approach without knowing it  and by deleting the cookies you effectively erase their matching sessions as you remove the unique session identifier contained in the cookies

User · Answer

Cookies and session both store information about the user  to make the HTTP request stateful  but the difference is that cookies store information on the client-side  browser  and sessions store information on the server-side  A cookie is limited in the sense that it stores information about limited users and only stores limited content for each user  A session is not limit in such a way

User · Answer

Cookies are stored in browser as a text file format It is stored limit amount of data It is only allowing 4kb 4096bytes    COOKIE variable not will hold multiple cookies with the same name we can accessing the cookies values in easily So it is less secure The setcookie   function must appear BEFORE the  lt html gt    tag  Sessions are stored in server side It is stored unlimit amount of data It is holding the multiple variable in sessions  we cannot accessing the cookies values in easily So it is more secure

User · Answer

Cookie is basically a global array accessed across web browsers  Many a times used to send receive values  it acts as a storage mechanism to access values between forms  Cookies can be disabled by the browser which adds a constraint to their use in comparison to session   Session can be defined as something between logging in and logging out  the time between the user logging in and logging out is a session  Session stores values only for the session time i e before logging out   Sessions are used to track the activities of the user  once he logs on

User · Answer

Cookies and session both store information about the user  to make the HTTP request stateful  but the difference is that cookies store information on the client-side  browser  and sessions store information on the server-side  A cookie is limited in the sense that it stores information about limited users and only stores limited content for each user  A session is not limit in such a way

User · Answer

Cookie is a way to implement the session between client and server  in this way session information stored in cookie   But this is not the only way to hold the session info  another way is store session info in Url

User · Answer

Google JSESSIONID   This will explain how the Servlet API initially uses URL re-writing and then  if cookies are enabled  cookies to manage sessions   HTTP is stateless so the client browser must send the id of its session to the server with each request   The server  through whatever means  uses this id to retrieve any data for that session making it available for the lifetime of the request

User · Answer

Cookie is a way to implement the session between client and server  in this way session information stored in cookie   But this is not the only way to hold the session info  another way is store session info in Url

[jsp] Differences between cookies and sessions?

Examples related to jsp

Examples related to session

Examples related to servlets

Examples related to cookies