Cookie & Session


HTTP is stateless: the server forgets the user after each request, so the user would need to authenticate every single time.
Cookies and sessions let the website keep the user authenticated across requests.


Cookie

A small file that stores keys and values (name, time, path, address) locally on the client.

  1. The web browser sends a request to the server
  2. The server creates a cookie to hold the user's information
  3. The server attaches the cookie to the HTTP header and sends it with its response
  4. The web browser stores the cookie and sends it with the HTTP header on the next request
  5. The server checks the previous information in the cookie and responds


    e.g. ID, Password

Session

The period during which the server keeps the state of a web browser's connection, from first access until it ends.

  1. The web browser sends a request to the server
  2. The server allocates a session ID to the web browser
  3. The server puts the session ID into a cookie and sends it with the HTTP response
  4. The web browser sends it again with each request until the browser is closed
  5. The server checks the session ID and the previous information stored for that session ID, and responds

    A session also uses a cookie to keep state.
    e.g. Login
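
The session flow above as an added Python example (not from the original page): the cookie carries only a random session ID, while the user data stays in a server-side store. The cookie name `session_id`, the in-memory `SESSIONS` dict and the function names are assumptions made for illustration.

```python
import secrets
from http.cookies import SimpleCookie

# Server-side store: session ID -> user data (in-memory, illustration only).
SESSIONS = {}

def login_response(username):
    """Steps 2-3: allocate a session ID and build the Set-Cookie header value."""
    sid = secrets.token_urlsafe(32)        # unguessable ID from a CSPRNG
    SESSIONS[sid] = {"user": username}     # the data itself never leaves the server
    cookie = SimpleCookie()
    cookie["session_id"] = sid
    cookie["session_id"]["path"] = "/"
    cookie["session_id"]["httponly"] = True    # not readable from page scripts
    cookie["session_id"]["secure"] = True      # only sent over HTTPS
    cookie["session_id"]["samesite"] = "Lax"   # withheld on most cross-site requests
    return cookie["session_id"].OutputString()

def browser_cookie_header(set_cookie_value):
    """Step 4: the browser returns only name=value, never the attributes."""
    return set_cookie_value.split(";", 1)[0]

def lookup(cookie_header):
    """Step 5: parse the Cookie request header and look the ID up server-side."""
    cookie = SimpleCookie()
    cookie.load(cookie_header)
    morsel = cookie.get("session_id")
    if morsel is None:
        return None
    return SESSIONS.get(morsel.value)      # unknown or forged IDs return None

def logout(cookie_header):
    """Ending the session on the server makes the client's copy of the ID useless."""
    cookie = SimpleCookie()
    cookie.load(cookie_header)
    morsel = cookie.get("session_id")
    if morsel is not None:
        SESSIONS.pop(morsel.value, None)

if __name__ == "__main__":
    header = login_response("alice")       # constructed sample user
    print("Set-Cookie:", header)
    sent = browser_cookie_header(header)
    print("Cookie:", sent, "->", lookup(sent))
    logout(sent)
    print("after logout ->", lookup(sent))
```
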

The difference between Cookie and Session

Storage location
-Cookie : Client
-Session : Server

Security
-Cookie : not secure, because it is stored on the client
-Session : secure, because only the session ID is stored on the client

Duration
-Cookie : the client still has the data
-Session : the client only has the session ID, not the data

Speed
-Cookie : fast, because it is stored on the client
-Session : slow, because the actual data is on the server