Difference between creating a session and a cookie?

Question

Difference between creating a session and a cookie?

I am working on my first site with Play! framework, and at some point I call this method when the user logs in:

static void connect(User user){
    session.put("userid", user.id);
}

Just saving the user id in the session, and I can check if it is set for each request, works fine. The problem is that as soon as the browser is closed, the cookie will be lost and the user needs to log in again. I want to create the “remember me” option, and it seems that the only way to do this is to create a cookie and send it using an answer, for example:

response.setCookie("user", userdata, "14d");

So, I wonder what is the point of creating a session when it does the same? (But it does not give me any control over the time of the cookie). And one more thing I haven't found yet is how to read a request cookie?

(And I know that cookies created with setCookie are not encrypted and I need to call Crypto.sign())

+5

java cookies session remember-me playframework

networkprofile Jun 18 '11 at 20:30

source share

5 answers

-: .

Session Application. , , ..

, . - -, , . , . , , . .

- , , . . , Google . , , .

+2

Hasan Fahim 18 . '11 20:35

: cookie, , .

cookie - ( web.xml, ). cookie HttpServletRequest getCookies.

EDIT: - getCookies, Play! framework . http://groups.google.com/group/play-framework/msg/6e40b07ff9b49a8a cookie.

+1

Femi 18 . '11 20:37

, + - . cookie , , -, .

, , , , , , , . , .

MSDN , cookie http://msdn.microsoft.com/en-us/library/ms178194.aspx

+1

MoarCodePlz Jun 18 '11 at 20:37

source share

You must store the user ID in the cookie exactly at the point where you used the session attribute. Use HttpServletRequest.getCookies () to read a cookie. This method returns an array of cookies, so you need to iterate over the array to determine the appropriate cookie.

To change a cookie, just override it.

0

Alexr Jun 18 '11 at 20:36

source share

sojin · Accepted Answer · 2011-06-19T06:57:19+0000

1) Session in the game! always supported by cookies (i.e. client side), this is due to the "Share nothing" approach.

2) If you use a secure module (or you can take a look at the code and follow if you write your own), the authenticate () method takes a remember parameter and establishes a session for 30 days ( response.setCookie("rememberme", Crypto.sign(username) + "-" + username, "30d");)

That is, if the user does not select "remember", their session lasts only until the browser is closed.

3) , , , session.put() . , cookie.

4) , CRUD ( "" ), /id ( ) . , , memcache.

5) cookie request.cookies.get("name") .

Difference between creating a session and a cookie?

More articles: