Cookies and sessions are used to store information. Cookies are stored only on the client-side machine, while sessions are stored on the client as well as on the server.
- A session creates a file in a temporary directory on the server where registered session variables and their values are stored. This data will be available to all pages on the site during that visit.
- A session ends when the user closes the browser; after the user leaves the site, the server terminates the session after a predetermined period of time, commonly 30 minutes.
- A cookie contains a piece of information and is not safe, even though it is kept on the client side.
- Cookies are text files stored on the client computer, and they are kept for tracking purposes. A server script sends a set of cookies to the browser, for example name, age, or identification number. The browser stores this information on the local machine for future use. The next time the browser sends a request to the web server, it sends that cookie information along, and the server uses it to identify the user.
Network protocols for web browsers and servers are categorized into two types: stateless protocols and stateful protocols. The two are differentiated by whether the server or server-side software is required to save status or session information.
- In a stateless protocol, the client sends a request to the server and the server responds according to the current state.
- It does not require the server to retain session information or status about each communicating partner across multiple requests.
- This means that whenever a request is sent to the server, the server does not store information about the client/user request. Each time the same user sends a request, the server treats it as a new user even though it is the same user, because no information or ID is stored on the server for validation or identification.
- Examples of stateless protocols:
  - HTTP (Hypertext Transfer Protocol)
  - UDP (User Datagram Protocol)
  - DNS (Domain Name System)
- Features of stateless protocols:
  - Stateless protocols simplify the design of the server.
  - A stateless protocol requires fewer resources because the system does not need to keep track of multiple link communications and session details.
  - In a stateless protocol, each information packet travels on its own without reference to any other packet.
  - Each communication in a stateless protocol is discrete and unrelated to those that precede or follow it.
In a stateful protocol, if the client sends a request to the server, it expects some kind of response; if it does not get a response, it resends the request. FTP (File Transfer Protocol) and Telnet are examples of stateful protocols.
- Features of stateful protocols:
  - Stateful protocols provide better performance to the client by keeping track of the connection information.
  - Stateful applications require backing storage.
  - Stateful requests are always dependent on the server-side state.
  - A TCP session follows a stateful protocol because both systems maintain information about the session itself during its life.
- Whenever the client/user makes a request to the server, the request is made via HTTP.
- HTTP stands for Hyper Text Transfer Protocol.
- HTTP is a stateless protocol.
- A stateless protocol means the server does not track the user, so no information about the client/user request is stored on the server.
- So the problem here is that whenever the client/user makes multiple requests, the same client/user is new to the server.
- To overcome this, sessions and cookies come in handy.
- Because HTTP is stateless, to maintain state an ID is sent along with each request from the client/user, and the server returns the same ID with the response to keep track.
- After the session is created, and once the request has been sent and the response received, the server sends a key with the response to the browser; this key is known as a cookie.
- Whenever the client/user sends a request again, the browser sends the cookie along with the request to the server.
- The server now checks the cookie ID (key) and looks up which session (client/user) this cookie ID (key) belongs to.
- In this way the server identifies the user with the cookie.
- A session is used to identify a user/client.
- A session is stored on the server side.
- A cookie is stored in the browser on the client side.
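
The cookie-to-session lookup described above, as an added example that is not part of the original page: a minimal in-memory session store in Python. The cookie name `sid`, the `SessionStore` class and the cookie attributes it sets are assumptions chosen for illustration.

```python
import secrets
import time
from http.cookies import SimpleCookie

SESSION_TTL = 30 * 60  # idle timeout in seconds (the 30 minutes mentioned above)
COOKIE_NAME = "sid"    # assumed cookie name for this example


class SessionStore:
    """In-memory stand-in for the server-side session storage."""

    def __init__(self, clock=time.time):
        self._sessions = {}  # session id -> {"data": dict, "last_seen": float}
        self._clock = clock

    def _lookup(self, cookie_header):
        """Return the live session id named by the Cookie header, or None."""
        jar = SimpleCookie()
        jar.load(cookie_header or "")
        morsel = jar.get(COOKIE_NAME)
        entry = self._sessions.get(morsel.value) if morsel is not None else None
        if entry is None:
            return None  # no cookie, or an ID this server never issued
        if self._clock() - entry["last_seen"] > SESSION_TTL:
            del self._sessions[morsel.value]  # expired: drop server-side state
            return None
        return morsel.value

    def handle(self, cookie_header):
        """Process one request. Returns (session_id, data, set_cookie_or_None)."""
        sid = self._lookup(cookie_header)
        set_cookie = None
        if sid is None:
            # Never adopt an ID supplied by the client: always mint a fresh one.
            sid = secrets.token_urlsafe(32)
            self._sessions[sid] = {"data": {}, "last_seen": self._clock()}
            out = SimpleCookie()
            out[COOKIE_NAME] = sid
            out[COOKIE_NAME].update({"path": "/", "httponly": True,
                                     "secure": True, "samesite": "Lax"})
            set_cookie = out[COOKIE_NAME].OutputString()
        entry = self._sessions[sid]
        entry["last_seen"] = self._clock()
        return sid, entry["data"], set_cookie
```

The cookie carries only the random key; the session variables stay in the server-side store, so a client that edits its cookie can at most lose its session, not change its contents.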