Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

Django - Difference between Database backed sessions and Cookie Based Session?

Tags:

cookies

django

session

Was going through Django Documentation and found this "https://docs.djangoproject.com/en/1.4/topics/http/sessions/#using-database-backed-sessions". What is the difference between database backed sessions and cookie based sessions? What is the advantage of one over the other? And what are the disadvantages?

like image 881
Akash K Avatar asked Aug 14 '13 18:08

Akash K

1 Answers

A Session is used by websites to store application state for visitors across multiple page loads.

Cookie Sessions

  • Store their data on the client/user end
  • Work smoothly when you have a cluster of web servers
  • Browsers typically limit cookies to a maximum size of around 4 kilobytes per domain, so limited session data size
  • Cookies can be set to a long lifespan, which means that data stored in a session cookie could be stored for months if not years (Users can clear cookies though)
  • Must be set with HttpOnly and Secure flags, otherwise can be easily stolen via XSS

Database Sessions

  • Store their data server side
  • One of your web servers handles the first request, other web servers in your cluster will not have the stored information unless centrally storing user session data
  • Clients do not have access to the information you store about them and therefore better for sensitive data.
  • Data doesn't have to travel from client to server on each request (clients just need to send an ID so the server can load the data)
  • Can store more data, since stored on server instead of in a cookie

Cookie Sessions vs Database Sessions

| Feature                       | Cookie Sessions | Database Sessions |
|-------------------------------|-----------------|-------------------|
| Works without database        | Yes             | No                |
| Can store sensitive user data | No*             | Yes               |

* Can store pointers referencing sensitive user data on the server, just not the sensitive data itself.

Both Cookie Sessions and Database Sessions work the same way, the only difference is where the data is stored. Django defaults to Database Sessions while Flask defaults to Cookie Sessions.


More information:
https://en.wikipedia.org/wiki/Session_(computer_science)
http://php.about.com/od/learnphp/qt/session_cookie.htm
http://wonko.com/post/why-you-probably-shouldnt-use-cookies-to-store-session-data
http://www.tuxradar.com/practicalphp/10/1/0

like image 101
Seren Avatar answered Oct 15 '22 10:10

Seren
Sign in to Comment

Related questions

dyld: Library not loaded: @executable_path/../.Python
A good collaborative filtering/matching/recommendation library for Python/Django?
How to ensure task execution order per user using Celery, RabbitMQ and Django?
Django import export - Unable to import model with BinaryField
django admin page and JWT
Using bundle_files = 1 with py2exe is not working
How does a python web server overcomes GIL
Use prefetch_related in django_simple_history
django-ajax-selects example usage
Good ways to name django projects which contain only one app
Error loading sample django-bootstrap3 template
SerializerClass field on Serializer save from primary key
Django CORS Access-Control-Allow-Origin missing
Django: Possible to load fixtures with date fields based on the current date?
Django query with distinct and order_by
Multiple User Types For Auth in Django
Best practice when using folium on django
In Django, how do you retrieve data from extra fields on many-to-many relationships without an explicit query for it?
Extending User object in Django: User model inheritance or use UserProfile?
efficient function to retrieve a queryset of ancestors of an mptt queryset

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!