I. Description
Cookies are a technology that allows the website server to store a small amount of data on the client's hard disk or memory, or to read data from the client's hard disk.
For an introduction to Session, refer to the document: Report Session and Application Session.
II. Difference between cookie mechanism and session mechanism
Specifically, the Cookie mechanism keeps state on the client side, while the Session mechanism keeps state on the server side. However, because the server-side scheme still needs to save an identifier on the client side, the Session mechanism may use the Cookie mechanism to store that identifier, although other options exist.
III. Difference between cookie expiration and session timeout
The session timeout is maintained by the server, which makes it different from cookie expiration. First, sessions are generally based on cookies that reside in memory rather than persistent cookies, so they have no expiration date. Even if the JSESSIONID cookie is intercepted and sent out with an expiration date set on it, the browser session and the server session are still different things. When the user closes the browser, the browser session and its in-memory cookie disappear, but the Session object saved on the server side does not disappear, and neither does a persistent cookie saved on the hard disk.
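The following added example (not code from the original document) models the distinction in section III: the server decides session validity from its own idle timer, while the cookie's expiry only decides whether the browser keeps the cookie on disk. The `SessionStore` class, function names, and the timeout and timestamp values are hypothetical and constructed for illustration.

```python
import secrets
from http.cookies import SimpleCookie

class SessionStore:
    """Hypothetical server-side session table; the idle timeout lives only here."""
    def __init__(self, idle_timeout):
        self.idle_timeout = idle_timeout      # seconds, enforced by the server
        self._last_access = {}                # session id -> time of last request
    def create(self, now):
        sid = secrets.token_hex(16)
        self._last_access[sid] = now
        return sid
    def is_valid(self, cookie_header, now):
        """Check a request Cookie header, which carries only name=value pairs."""
        morsel = SimpleCookie(cookie_header).get("JSESSIONID")
        sid = morsel.value if morsel is not None else None
        if sid not in self._last_access:
            return False
        if now - self._last_access[sid] > self.idle_timeout:
            del self._last_access[sid]        # server-side timeout
            return False
        self._last_access[sid] = now          # activity resets the idle timer
        return True

def set_cookie_value(sid, max_age=None):
    """Build a Set-Cookie value; without Max-Age the cookie stays in memory."""
    jar = SimpleCookie()
    jar["JSESSIONID"] = sid
    jar["JSESSIONID"]["httponly"] = True
    if max_age is not None:
        jar["JSESSIONID"]["max-age"] = max_age
    return jar["JSESSIONID"].OutputString()

def is_persistent(set_cookie):
    """True if the cookie has an expiry, so the browser keeps it on disk."""
    morsel = SimpleCookie(set_cookie)["JSESSIONID"]
    return bool(morsel["max-age"] or morsel["expires"])

def demo():
    store = SessionStore(idle_timeout=1800)   # constructed value: 30 minutes
    sid = store.create(now=0)
    header = "JSESSIONID=" + sid              # same header from any client
    return {
        "session_cookie_on_disk": is_persistent(set_cookie_value(sid)),
        "persistent_cookie_on_disk": is_persistent(set_cookie_value(sid, 86400)),
        "valid_after_browser_close": store.is_valid(header, now=600),
        "valid_after_idle_timeout": store.is_valid(header, now=2401),
    }

if __name__ == "__main__":
    print(demo())
```

Because the session ID stays valid on the server after the browser closes, an explicit logout should delete the server-side entry rather than rely on the cookie disappearing.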