
What is the difference between a cookie and a session in Django?

I think they are the same thing, but my boss says that is not right. Can someone explain the difference?

zjm1126 asked Feb 25 '11 03:02


People also ask

What is the difference between cookie and session?

Cookies are client-side files that are stored on a local computer and contain user information. Sessions are server-side files that store user information. Cookies expire after the user specified lifetime. The session ends when the user closes the browser or logs out of the program.

What is cookies in Python Django?

Cookies, also known as HTTP cookies, are little text files that your browser creates and maintains in response to a specific web server request. Your browser saves them locally, and most browsers will show you the cookies that have been generated under the Privacy and Security settings.

What is session in Django?

Sessions are the mechanism used by Django (and most of the Internet) for keeping track of the "state" between the site and a particular browser. Sessions allow you to store arbitrary data per browser, and have this data available to the site whenever the browser connects.

What is the difference between session token and cookie?

Cookies and tokens are two common ways of setting up authentication. Cookies are chunks of data created by the server and sent to the client for communication purposes. Tokens, usually referring to JSON Web Tokens (JWTs), are signed credentials encoded into a long string of characters created by the server.


2 Answers

A cookie is something that sits on the client's browser and is merely a reference to a Session which is, by default, stored in your database.

The cookie stores a random ID and doesn't store any data itself. The session uses the value in the cookie to determine which Session from the database belongs to the current browser.

This is very different from directly writing information on the cookie.

Example:

    # terrible idea: this cookie data is editable and lives on your client's computer
    httpresponse.set_cookie('logged_in_status', 'True')

    # good idea: this data is not accessible from outside. It's in your database.
    request.session['logged_in_status'] = True

Yuji 'Tomita' Tomita answered Sep 17 '22 20:09
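
The contrast described in the answer above, as an added example that is not part of the original post and is not Django's own code: it uses only the Python standard library, and SESSION_STORE and all function names are hypothetical stand-ins (the dict plays the role of Django's database-backed session table). It compares a server that trusts a value stored in the cookie with one that treats the cookie as a random key into server-side state.

```python
import secrets
from http.cookies import SimpleCookie

# Hypothetical stand-in for the server-side session table (a database in Django's default setup).
SESSION_STORE = {}


def parse_cookies(header):
    """Parse a Cookie request header into a plain dict."""
    jar = SimpleCookie()
    jar.load(header)
    return {name: morsel.value for name, morsel in jar.items()}


def is_logged_in_raw(cookie_header):
    # State kept in the cookie: the server believes whatever the browser sends back.
    return parse_cookies(cookie_header).get("logged_in_status") == "True"


def login_with_session():
    """Session pattern: the cookie carries only an unguessable random key."""
    key = secrets.token_urlsafe(32)
    SESSION_STORE[key] = {"logged_in_status": True}
    return f"sessionid={key}"


def is_logged_in_session(cookie_header):
    key = parse_cookies(cookie_header).get("sessionid")
    # A missing or unknown key maps to an empty session, never to trusted state.
    return SESSION_STORE.get(key, {}).get("logged_in_status", False)


def logout(cookie_header):
    # Deleting the server-side record revokes the session even if the browser keeps the cookie.
    SESSION_STORE.pop(parse_cookies(cookie_header).get("sessionid"), None)


if __name__ == "__main__":
    # Constructed Cookie headers, in the form a browser would send them.
    print(is_logged_in_raw("logged_in_status=True"))        # value typed by hand, no login happened
    issued = login_with_session()
    print(is_logged_in_session(issued))                      # key issued by the server
    print(is_logged_in_session("sessionid=made-up-value"))   # key that is not in the store
    logout(issued)
    print(is_logged_in_session(issued))                      # same cookie after server-side logout
```
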


A cookie is not a Django- or Python-specific technology. A cookie is a way of storing a small bit of state in your client's browser. It's used to supplement (or hack around, depending on your point of view) HTTP, which is a stateless protocol. There are all sorts of limitations here: other domains can't read your cookies, you can only store a few k of data (just how much depends on the browser!), etc.

A cookie can be used to store a session key. A session is a collection of user state that's stored server side. The session key gets passed back to the server, which allows you to look up that session's state. Most web frameworks (not just Django) will have some sort of session concept built in. This lets you add server-side state to an HTTP conversation.

mblinn answered Sep 20 '22 20:09