Q&A

Index

Differences

  • Cookie stores information on the client-side (typically in the browser). Each request sends this information to the server through a special parameter, the Cookie.
  • Session stores information on the server-side. It uses the Cookie as a medium to mark a unique ID (SESSION_ID), which is then sent back to the server through the Cookie to retrieve the corresponding data.
  • Session can store sensitive, arbitrary format, and large size data, as the data is stored on the server.
  • Cookie can only store 4KB, non-sensitive, and ASCII-encoded data.
  • Typically, a site can store a maximum of 150 cookies.
  • A session can store nearly unlimited data.

Similarities

  • Both rely on the browser's Cookie mechanism.
  • Both have cross-origin issues. It is common for clients to request services from multiple domains.
  • Both can be used to track HTTP states.

Use Case

Personally, I prefer using JWT + Redis storage for API calls in HTTP Servers, as it eliminates the need to differentiate between client types and does not rely on the browser mechanism.

😅

Actually, these things are quite boring and don't have much significance. But I'll record them just to fill up the content.