Cookies
- Cookies are stored on the client side (in the visitor's browser).
- Cookies are not safe: it's quite easy to read and write cookie contents.
- When using cookies, you have to notify visitors according to European laws (GDPR).
- An expiration can be set, but the user or the browser can change it.
- Users can decline the use of cookies, or set their browser to decline them.
Sessions
- Sessions are stored on the server side.
- Sessions use cookies (see below).
- Sessions are safer than cookies, but not invulnerable.
- Expiration is set in server configuration (php.ini for example).
- The default expiration time is 24 minutes, or when the browser is closed.
- Expiration is reset when the user refreshes or loads a new page.
- Users can decline the use of cookies (or set their browser to decline them), and therefore sessions.
- Legally, you also have to notify visitors about the session cookie, but for lack of precedent this is not clear yet.
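The difference between the two lists above, as an added example that is not code from the original page: a value kept in a plain cookie is whatever the client sends, while a session keeps the data on the server and gives the browser only a random ID, with the expiration reset on every request. The names `SessionStore`, `role_from_plain_cookie`, `role_from_session` and the `role` key are hypothetical; the 24-minute lifetime is the default mentioned above.

```python
import secrets
import time

SESSION_TTL = 24 * 60  # seconds; the 24-minute default from the list above


class SessionStore:
    """Server-side session table; the client only ever holds the random ID."""

    def __init__(self, ttl=SESSION_TTL, clock=time.time):
        self._ttl = ttl
        self._clock = clock      # injectable so expiry can be exercised in tests
        self._sessions = {}      # session_id -> (expires_at, data)

    def create(self, data):
        session_id = secrets.token_urlsafe(32)   # unguessable cookie value
        self._sessions[session_id] = (self._clock() + self._ttl, dict(data))
        return session_id

    def load(self, session_id):
        """Return the session data, or None if the ID is unknown or expired."""
        entry = self._sessions.get(session_id)
        if entry is None:
            return None
        expires_at, data = entry
        now = self._clock()
        if now >= expires_at:
            del self._sessions[session_id]       # drop expired state
            return None
        # Sliding expiration: every request pushes the deadline forward.
        self._sessions[session_id] = (now + self._ttl, data)
        return data


def role_from_plain_cookie(cookies):
    # Trusts whatever the browser sent: the client can rewrite this value.
    return cookies.get("role", "anonymous")


def role_from_session(store, cookies):
    # Trusts only server-side state looked up by the opaque session ID.
    data = store.load(cookies.get("sessionid", ""))
    return data["role"] if data else "anonymous"
```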
Set Cookie
from django.http import HttpResponse

def set_cookie(request, key=None, value=None):
    response = HttpResponse('Cookie儲存完畢')
    # Cookies are written on the response that goes back to the browser.
    response.set_cookie(key, value)
    return response
Get Cookie
from django.utils.html import escape

def get_cookie(request, key=None):
    if key in request.COOKIES:
        # Cookie names and values are client-controlled: escape them before echoing as HTML.
        return HttpResponse(f'{escape(key)} => {escape(request.COOKIES[key])}')
    else:
        return HttpResponse("Cookie不存在")
Set Session
def set_session(request, key=None, value=None):
    response = HttpResponse('Session儲存完畢')
    # The value is stored server-side; the browser only receives the session ID cookie.
    request.session[key] = value
    return response
Get Session
from django.utils.html import escape

def get_session(request, key=None):
    if key in request.session:
        # The key and the stored value originated from user input: escape them before echoing as HTML.
        return HttpResponse(f'{escape(key)} => {escape(request.session[key])}')
    else:
        return HttpResponse("Session不存在")