First of all, you must understand that the session is stored on the server side and the cookie is stored on the client side. It is wrong to ask this~ The server needs to store login information, and the client browser also needs it~ By the way~ General browser cookies The settings are turned on. If your cookie settings are turned off, you will not be able to log in to some websites, such as logging in to your Baidu account. If you turn off cookies, Baidu will prompt you to turn on cookies and not allow you to log in. If you don’t believe me, you can try PS (turning cookies off will work) URL rewriting technology is used, but for security reasons most websites do not use this technology now) In a word: cookie is an identifier given to the client by the server. Session is used to store the information of the currently logged in user (generally large websites use redis to specifically manage sessions) [ Sessions and cookies all have life cycles. When the server-side session life cycle ends, the client needs to log in again! There are also some cookies whose life cycle ends when the browser is closed] Finally: (There is a lot of other knowledge that I have not mentioned. I hope the author can learn more about JavaWeb's related technologies about session and cookies)
Scale of the project A personal small project session is enough. If the project is very large, I don’t know. If it is the server of ios android web. Under normal circumstances, the user will be given a token after logging in. User operations need to carry tokens for verification.
![[Web front-end] Node.js quick start](https://img.php.cn/upload/course/000/000/067/662b5d34ba7c0227.png)
First of all, you must understand that the session is stored on the server side and the cookie is stored on the client side. It is wrong to ask this~
The server needs to store login information, and the client browser also needs it~ By the way~ General browser cookies The settings are turned on. If your cookie settings are turned off, you will not be able to log in to some websites, such as logging in to your Baidu account. If you turn off cookies, Baidu will prompt you to turn on cookies and not allow you to log in. If you don’t believe me, you can try PS (turning cookies off will work) URL rewriting technology is used, but for security reasons most websites do not use this technology now) In a word: cookie is an identifier given to the client by the server. Session is used to store the information of the currently logged in user (generally large websites use redis to specifically manage sessions) [ Sessions and cookies all have life cycles. When the server-side session life cycle ends, the client needs to log in again! There are also some cookies whose life cycle ends when the browser is closed]
Finally: (There is a lot of other knowledge that I have not mentioned. I hope the author can learn more about JavaWeb's related technologies about session and cookies)
Put it in memcache or redis
Scale of the project
A personal small project session is enough.
If the project is very large, I don’t know.
If it is the server of ios android web. Under normal circumstances, the user will be given a token after logging in. User operations need to carry tokens for verification.