Wednesday, June 8, 2011

Cookie and Session

Understanding COOKIES
Cookies are data files written to your hard disk by a Web server and used to identify the user, so that when the user revisits the site, the site will be able to recognize them.
Functions of cookies:
1. Helping the web site to "remember" who we are and set the appropriate preferences, so that a user revisiting the web site is instantly recognized.
2. Eliminating the need to re-register on the web site when accessing it again (that site only); cookies help keep the user logged in to the web server.
3. Allowing the web site to track users' web surfing patterns and to know which favorite sites they visit frequently.

Types of Cookies
1. Non-persistent (session) cookies. A cookie that disappears when the user closes the browser; it is usually used for the 'shopping cart' of an online store to keep track of the items purchased.
2. Persistent cookies. Set by portal sites, banner/ad sites and other media that want to know when users return to visit their site (e.g. by providing the option "Remember Me" when logging in). These files are stored on the user's hard drive.


Both types of cookies store information about the URL or domain name of the site the user visited and several codes indicating which pages were visited. Cookies may contain personal information of users, such as name and email address, but that information is what users give to the website, for example through the registration process. In other words, cookies are not able to "steal" the name and email address unless they are provided by the user. However, there is specific malicious code, made for example as an ActiveX control, that can retrieve information from a PC without the user's knowledge.
Cookies are generally less than 100 bytes, so they do not affect browsing speed. But because in most cases the browser is set by default to accept cookies, the user will not know that cookies are already on the computer. Cookies can be useful, especially on sites that require registration: each time you visit the site, the cookie logs the user in without having to enter a user name and password again.

SESSION
In computer science, in particular networking, a session is a semi-permanent interactive information interchange, also known as a dialogue, a conversation or a meeting, between two or more communicating devices, or between a computer and user (see Login session). A session is set up or established at a certain point in time, and torn down at a later point in time. An established communication session may involve more than one message in each direction. A session is typically, but not always, stateful, meaning that at least one of the communicating parts needs to save information about the session history in order to be able to communicate, as opposed to stateless communication, where the communication consists of independent requests with responses.
An established session is the basic requirement to perform a connection-oriented communication. A session is also the basic step to transmit in connectionless communication modes. However, any unidirectional transmission does not define a session[1].
Communication sessions may be implemented as part of protocols and services at the application layer, at the session layer or at the transport layer in the OSI model.
Application layer examples:
- HTTP sessions, which allow associating information with individual visitors
- A telnet remote login session
Session layer example:
- A Session Initiation Protocol (SIP) based Internet phone call
Transport layer example:
- A TCP session, which is synonymous with a TCP virtual circuit, a TCP connection, or an established TCP socket.

In the case of transport protocols that do not implement a formal session layer (e.g., UDP) or where sessions at the session layer are generally very short-lived (e.g., HTTP), sessions are maintained by a higher level program using a method defined in the data being exchanged. For example, an HTTP exchange between a browser and a remote host may include an HTTP cookie which identifies state, such as a unique session ID, information about the user's preferences or authorization level.
Protocol version HTTP/1.1 makes it possible to reuse the same TCP session for a sequence of service requests and responses (a sequence of file transfers) in order to reduce the session establishment time, while HTTP/1.0 only allows a single request and response during one TCP session. However, this transport layer session mechanism should not be confused with a so-called HTTP session, since it does not last a sufficiently long time, and does not provide application level interactive services such as dynamic web pages.
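
The HTTP session described above, as an added example that is not part of the original post: the cookie carries only an unguessable session ID, while the state stays on the server, and the "Remember Me" option is what turns the non-persistent cookie into a persistent one. The cookie name `sid`, the in-memory `SESSIONS` store, the function names and the 14-day lifetime are assumptions made for illustration.

```python
import secrets
from http.cookies import SimpleCookie

SESSIONS = {}  # server-side state: session ID -> data (in-memory, illustrative)
REMEMBER_ME_SECONDS = 14 * 24 * 3600  # assumed lifetime for a persistent cookie


def start_session(user, remember_me=False):
    """Create server-side state and return the Set-Cookie header value."""
    sid = secrets.token_urlsafe(32)       # random ID; no personal data in the cookie
    SESSIONS[sid] = {"user": user}
    cookie = SimpleCookie()
    cookie["sid"] = sid
    cookie["sid"]["path"] = "/"
    cookie["sid"]["httponly"] = True      # page scripts cannot read the ID
    cookie["sid"]["secure"] = True        # only sent over HTTPS
    cookie["sid"]["samesite"] = "Lax"     # not attached to cross-site subrequests
    if remember_me:
        # Persistent cookie: written to disk and kept after the browser closes.
        cookie["sid"]["max-age"] = REMEMBER_ME_SECONDS
    # Without Max-Age/Expires this is a non-persistent (session) cookie.
    return cookie["sid"].OutputString()


def _sid_from_header(cookie_header):
    """Extract the session ID from a Cookie request header, or None."""
    cookie = SimpleCookie()
    cookie.load(cookie_header or "")
    morsel = cookie.get("sid")
    return morsel.value if morsel is not None else None


def lookup_session(cookie_header):
    """Map the Cookie header back to server-side state; unknown IDs get None."""
    return SESSIONS.get(_sid_from_header(cookie_header))


def end_session(cookie_header):
    """Logout: delete server-side state so a replayed ID no longer works."""
    SESSIONS.pop(_sid_from_header(cookie_header), None)
```

Because the server only trusts IDs it issued itself, a made-up or logged-out `sid` value resolves to no session at all.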
