Hi all, Cookies are one way to maintain a session between server and client, but can anybody explain with the code how cookies are created, stored on the local system, how they are retrieved, and how they are used to continue the session?
First you will have to decide whether you want Cookies or Session. If you have a lot of information about every user (including confidential information) then use Session, as the information will be on the server and will not travel unsafely over the internet.
As per my knowledge, session information also travels over the internet as part of the header, so how do we predict that it is safe to use session over cookies?
The session is not passed back and forth between client and server (if it were, why bother using the session?). Data is sent from the client and persisted in memory on the server in the session. The part that is passed back and forth is the key that identifies the session. Typically a web browser uses an in-memory cookie as the session identifier. If cookies are disabled, the web app has to use URL rewriting to do this (adding a session id to every URL in the app). Either way it amounts to the same thing: HTTP is stateless, and the only way a client can identify itself to a server is by passing an identifier of some sort or other.
The difference between this and normal cookies (as demonstrated above) is that cookies remain on the client machine. Because of this, you shouldn't put anything sensitive in this sort of cookie. The session is safer.
Ultimately, because of the stateless nature of HTTP, something has to be passed from client to server for even the most basic session tracking to work. If you are worried about security, it's not a session vs cookie debate really; you need to be using SSL.
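To make the mechanism in the reply above concrete, here is an added example (not code from the original thread or from any servlet container) that simulates the exchange in plain Python without a network: the server keeps user data in a `SessionStore`, the only thing it sends the browser is an opaque, randomly generated id in an in-memory cookie, and when cookies are disabled it falls back to URL rewriting by appending the id to links. The names `SessionStore`, `Request`, `Response`, `handle`, `encode_url` and `simulate` are constructed for this illustration; `JSESSIONID` and the `jsessionid` query parameter are used as assumed names to mirror what a Java servlet container does, not as a reimplementation of one.

```python
import secrets
from dataclasses import dataclass, field
from urllib.parse import urlencode

# Assumed cookie / query-parameter names, chosen to mirror servlet containers.
COOKIE_NAME = "JSESSIONID"
URL_PARAM = "jsessionid"


@dataclass
class Request:
    """Constructed stand-in for an HTTP request: what the browser sends."""
    path: str
    cookies: dict = field(default_factory=dict)  # Cookie header, parsed
    query: dict = field(default_factory=dict)    # query string, parsed


@dataclass
class Response:
    """Constructed stand-in for an HTTP response: what the server sends back."""
    body: str = ""
    set_cookies: dict = field(default_factory=dict)  # Set-Cookie headers
    links: list = field(default_factory=list)        # links rendered into the page


class SessionStore:
    """Server-side store. Session contents never leave this object; only the id does."""

    def __init__(self):
        self._sessions = {}

    def create(self):
        sid = secrets.token_urlsafe(32)  # unguessable and meaningless to the client
        self._sessions[sid] = {}
        return sid

    def get(self, sid):
        # Unknown (expired or made-up) ids return None, so no stale data is reused.
        return self._sessions.get(sid)


def find_session_id(request, cookies_enabled):
    """Prefer the cookie; fall back to the id carried in a rewritten URL."""
    if cookies_enabled and COOKIE_NAME in request.cookies:
        return request.cookies[COOKIE_NAME]
    return request.query.get(URL_PARAM)


def encode_url(path, sid, cookies_enabled):
    """Like a container's encodeURL: append the id only when cookies are unavailable."""
    if cookies_enabled:
        return path
    return f"{path}?{urlencode({URL_PARAM: sid})}"


def handle(store, request, cookies_enabled=True):
    """One server round: locate or create the session, update it, answer."""
    resp = Response()
    sid = find_session_id(request, cookies_enabled)
    data = store.get(sid) if sid else None
    if data is None:
        sid = store.create()
        data = store.get(sid)
        if cookies_enabled:
            # No Max-Age/Expires: an in-memory cookie the browser drops on exit.
            resp.set_cookies[COOKIE_NAME] = sid
    # Anything confidential is kept here, in the server-side dict, not in the cookie.
    data["hits"] = data.get("hits", 0) + 1
    resp.body = f"visit number {data['hits']}"
    resp.links.append(encode_url("/next", sid, cookies_enabled))
    return resp, sid


def simulate(cookies_enabled=True):
    """Two requests from one browser; returns both bodies and the server-side session."""
    store = SessionStore()
    browser_jar = {}
    first, sid = handle(store, Request("/"), cookies_enabled)
    browser_jar.update(first.set_cookies)  # the browser stores what Set-Cookie told it
    if cookies_enabled:
        second_req = Request("/next", cookies=dict(browser_jar))
    else:
        # With cookies off the browser follows the rewritten link instead.
        second_req = Request("/next", query={URL_PARAM: sid})
    second, _ = handle(store, second_req, cookies_enabled)
    return first.body, second.body, store.get(sid)


if __name__ == "__main__":
    for enabled in (True, False):
        print("cookies enabled" if enabled else "URL rewriting", simulate(enabled))
```

Running it shows the same "visit number 2" on the second request whichever transport carries the id, while the `hits` counter, standing in for the confidential data, only ever exists inside `SessionStore`. The one caveat the reply already makes still holds: whoever captures the id on an unencrypted connection holds the session, which is why the thread ends on SSL rather than on the cookie-versus-session choice.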