Sessions
Important to keep in mind that HTTP is a stateless protocol. Meaning, every request is independent and has no relation to any previous or future request.
This is exactly what sessions brings to HTTP. It converts the stateless HTTP into a stateful one by linking multiple requests to the same user.
A session is a server-side state that lets the server link multiple requests to the same user. The server application creates all information related to the user request and stores in the memory and returns a session ID to the client.
When the client sends a second request with the session ID to the server, it will fetch the details behind the session ID and use it to process the request.
-
Session IDs can be returned in cookie headers. Since browser automatically sends the cookies for every request, the session ID is automatically sent to the server for every request. So nothing extra for the application on the browser to do.
-
Session IDs in the web server can be stored in memory or in a database or in a distributed cache.