Session cookies = cookies?

I wonder if cookies 开发者_如何学运维are the same as session cookies?

A cookie is a cookie.

"Session cookie" can refer to one of two things:

• A cookie with unspecified timeout, which will be discarded as soon as the browser is closed. I.e. the browser will only retain it for the current "browsing session."
• A cookie containing a session id.

Sometimes it means both. It's not a very well defined term.

As such, the correct description would be session cookie ⊆ cookie,
instead of session cookie = cookie. ;o)

All session cookies are cookies, but not all cookies are session cookies.

Session cookies are cookies whose only purpose is to maintain session state in your site. They typically disappear the moment you close your browser, whereas other cookies that contain some other data tend to persist across sessions.

I wonder if cookies are the same as session cookies?

No. There are different types of cookies.

• Session cookies usually used for tracking sessions. They are deleted by a browser when you close it.
• Persistent cookies saved on your hard drive. Persistent cookies expire (deleted by browser) when expiry date is reached.
• First party cookies are set/retrieved by a website which you actually visit.
• Third party cookies are set/retrieved by a different domain. Usually used for advertising and info sharing between websites.

There are also HTTP Only, Secure, and zombie cookies.

The main difference between cookies and sessions is that cookies are stored in the user's browser, and sessions are not. This difference determines what each is best used for. A cookie can keep information in the user's browser until deleted. If a person has a login and password, this can be set as a cookie in their browser so they do not have to re-login to your website every time they visit. You can store almost anything in a browser cookie. The trouble is that a user can block cookies or delete them at any time. If, for example, your website's shopping cart utilized cookies, and a person had their browser set to block them, then they could not shop at your website.

Sessions are not reliant on the user allowing a cookie. They work instead like a token allowing access and passing information while the user has their browser open. The problem with sessions is that when you close your browser you also lose the session. So, if you had a site requiring a login, this couldn't be saved as a session like it could as a cookie, and the user would be forced to re-login every time they visit.

You can of course get the best of both worlds! Once you know what each does, you can use a combination of cookies and sessions to make your site work exactly the way you want it to.