发表新帖
发表新帖

Django - Difference between Database backed sessions and Cookie Based Session?

前端 未结
关注
1 845
旧巷少年郎
旧巷少年郎 2021-01-07 23:03

Was going through Django Documentation and found this \"https://docs.djangoproject.com/en/1.4/topics/http/sessions/#using-database-backed-sessions\". What is the difference

相关标签:
1条回答
  • 醉酒成梦
    2021-01-07 23:57

    A Session is used by websites to store application state for visitors across multiple page loads.

    Cookie Sessions

    • Store their data on the client/user end
    • Work smoothly when you have a cluster of web servers
    • Browsers typically limit cookies to a maximum size of around 4 kilobytes per domain, so limited session data size
    • Cookies can be set to a long lifespan, which means that data stored in a session cookie could be stored for months if not years (Users can clear cookies though)
    • Must be set with HttpOnly and Secure flags, otherwise can be easily stolen via XSS

    Database Sessions

    • Store their data server side
    • One of your web servers handles the first request, other web servers in your cluster will not have the stored information unless centrally storing user session data
    • Clients do not have access to the information you store about them and therefore better for sensitive data.
    • Data doesn't have to travel from client to server on each request (clients just need to send an ID so the server can load the data)
    • Can store more data, since stored on server instead of in a cookie

    Cookie Sessions vs Database Sessions

    | Feature                       | Cookie Sessions | Database Sessions |
|-------------------------------|-----------------|-------------------|
| Works without database        | Yes             | No                |
| Can store sensitive user data | No*             | Yes               |

    * Can store pointers referencing sensitive user data on the server, just not the sensitive data itself.

    Both Cookie Sessions and Database Sessions work the same way, the only difference is where the data is stored. Django defaults to Database Sessions while Flask defaults to Cookie Sessions.


    More information:
    https://en.wikipedia.org/wiki/Session_(computer_science)
    http://php.about.com/od/learnphp/qt/session_cookie.htm
    http://wonko.com/post/why-you-probably-shouldnt-use-cookies-to-store-session-data
    http://www.tuxradar.com/practicalphp/10/1/0

    0 讨论(0)
 看不清?
提交回复
热议问题