What is the difference between creating cookies on the server and on the client? Are these called server side cookies and client side cookies? Is there a way to create cookies that can only be read on the server or on the client?
可以将文章内容翻译成中文,广告屏蔽插件可能会导致该功能失效(如失效,请关闭广告屏蔽插件后再试):
问题:
回答1:
HTTP COOKIES
Cookies are key/value pairs used by websites to store state informations on the browser. Say you have a website (example.com), when the browser requests a webpage the website can send cookies to store informations on the browser.
Browser request example:
GET /index.html HTTP/1.1
Host: www.example.com
Example answer from the server:
HTTP/1.1 200 OK
Content-type: text/html
Set-Cookie: foo=10
Set-Cookie: bar=20; Expires=Fri, 30 Sep 2011 11:48:00 GMT
... rest of the response
Here two cookies foo=10 and bar=20 are stored on the browser. The second one will expire on 30 September. In each subsequent request the browser will send the cookies back to the server.
GET /spec.html HTTP/1.1
Host: www.example.com
Cookie: foo=10; bar=20
Accept: */*
SESSIONS: Server side cookies
Server side cookies are known as "sessions". The website in this case stores a single cookie on the browser containing a unique Session Identifier. Status information (foo=10 and bar=20 above) are stored on the server and the Session Identifier is used to match the request with the data stored on the server.
Examples of usage
You can use both sessions and cookies to store: authentication data, user preferences, the content of a chart in an e-commerce website, etc...
Pros and Cons
Below pros and cons of the solutions. These are the first that comes to my mind, there are surely others.
Cookie Pros:
- scalability: all the data is stored in the browser so each request can go through a load balancer to different webservers and you have all the informations needed to fullfill the request;
- they can be accessed via javascript on the browser;
- not being on the server they will survive server restarts;
- RESTful: requests don't depend on server state
Cookie Cons:
- storage is limited to 80 KB (20 cookies, 4 KB each)
- secure cookies are not easy to implement: take a look at the paper A secure cookie protocol
Session Pros:
- generally easier to use, in PHP there's probably not much difference.
- unlimited storage
Session Cons:
- more difficult to scale
- on web server restarts you can lose all sessions or not depending on the implementation
- not RESTful
回答2:
You probably mean the difference between Http Only cookies and their counter part?
Http Only cookies cannot be accessed (read from or written to) in client side JavaScript, only server side. If the Http Only flag is not set, or the cookie is created in (client side) JavaScript, the cookie can be read from and written to in (client side) JavaScript as well as server side.
回答3:
There is no difference. A regular cookie can be set server side or client side. The cookie will be sent back with each request. A cookie that is set by the server, will be sent to the client in a response. The server only sends the cookie when it is explicitly set or changed, while the client sends the cookie on each request.
But it's the same cookie.
回答4:
Yes you can create cookies that can only be read on the server-side. These are called "HTTP Only" -cookies, as explained in other answers already
No, there is no way (I know of) to create "cookies" that can be read only on the client-side. Cookies are meant to facilitate client-server communication.
BUT, if you want something LIKE "client-only-cookies" there is a simple answer: Use "Local Storage".
Local Storage is actually syntactically simpler to use than cookies. A good simple summary of cookies vs. local storage can be found at:
https://courses.cs.washington.edu/courses/cse154/12au/lectures/slides/lecture21-client-storage.shtml#slide8
A point: You might use cookies created in JavaScript to store GUI-related things you only need on the client-side. BUT the cookie is sent to the server for EVERY request made, it becomes part of the http-request headers thus making the request contain more data and thus slower to send.
If your page has 50 resources like images and css-files and scripts then the cookie is (typically) sent with each request. More on this in Does every web request send the browser cookies?
Local storage does not have those data-transfer related disadvantages, it sends no data. It is great.
{var%20f='http://v.t.sina.com.cn/share/share.php?appkey=1515056452',u=z||d.location,p=['&url=',e(u),'&title=',e(t||d.title),'&source=',e(r),'&sourceUrl=',e(l),'&content=',c||'gb2312','&pic=',e(p||'')].join('');function%20a(){if(!window.open([f,p].join(''),'mb',['toolbar=0,status=0,resizable=1,width=440,height=430,left=',(s.width-440)/2,',top=',(s.height-430)/2].join('')))u.href=[f,p].join('');};if(/Firefox/.test(navigator.userAgent))setTimeout(a,0);else%20a();})(screen,document,encodeURIComponent,'','','https://img.manongdao.com/sparkler-677774__340.jpg', '推荐 啃猪蹄的小仙女 的文章《What is the difference between server side cookie 》','https://www.manongdao.com/article-106431.html','页面编码gb2312|utf-8默认gb2312'));){kind=link}