Client-side vs. Server-side
As HTTP is a stateless protocol - web applications have no way of identifying a user from previous visits on returning to the web site - session data usually relies on a cookie token to identify the user for repeat visits (although rarely URL parameters may be used for the same purpose). Data will usually have a sliding expiry time (renewed each time the user visits), and depending on your server/framework data will either be stored in-process (meaning data will be lost if the web server crashes or is restarted) or externally in a state server or database. This is also necessary when using a web-farm (more than one server for a given website).
As session data is completely controlled by your application (server side) it is the best place for anything sensitive or secure in nature.
The obvious disadvantage of server-side data is scalability - server resources are required for each user for the duration of the session, and that any data needed client side must be sent with each request. As the server has no way of knowing if a user navigates to another site or closes their browser, session data must expire after a given time to avoid all server resources being taken up by abandoned sessions. When using session data you should, therefore, be aware of the possibility that data will have expired and been lost, especially on pages with long forms. It will also be lost if the user deletes their cookies or switches browsers/devices.
Some web frameworks/developers use hidden HTML inputs to persist data from one page of a form to another to avoid session expiration.
localStorage, sessionStorage, and cookies are all subject to "same-origin" rules which means browsers should prevent access to the data except the domain that set the information to start with.
For further reading on client storage technologies see Dive Into Html 5.
Comparison Chart
| BASIS FOR COMPARISON | SERVER-SIDE SCRIPTING | CLIENT-SIDE SCRIPTING |
|---|---|---|
| Basic | Works in the back end which could not be visible at the client end. | Works at the front end and script are visible among the users. |
| Processing | Requires server interaction. | Does not need interaction with the server. |
| Languages involved | PHP, ASP.net, Ruby on Rails, ColdFusion, Python, etcetera. | HTML, CSS, JavaScript, etc. |
| Affect | Could effectively customize the web pages and provide dynamic websites. | Can reduce the load to the server. |
| Security | Relatively secure. | Insecure |
.gif)
0 Comments