Sessions

HTTP is stateless

Keep in mind that HTTP is a stateless protocol. Each request stands alone, with no link to a past or future request.

Sessions supply exactly that missing link. They make HTTP stateful by linking many requests to the same user.

A session is server-side state that lets the server link many requests to the same user. The server application gathers the data for the user's requests, stores it in memory, and returns a session ID to the client.

When the client sends a second request with the session ID, the server fetches the data behind that ID. It then uses the data to handle the request.

Implementation details
  1. Session IDs can be returned in cookie headers. Because the browser sends cookies on every request, the session ID reaches the server each time without any extra work by the browser application.

  2. Session IDs in the web server can be stored in memory, in a database, or in a distributed cache.
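
The flow described above, as an added example that is not part of the original page: an in-memory session store that issues the session ID in a Set-Cookie header and looks it up again on the next request. The cookie name "sid", the "hits" counter and the cookie attributes chosen here are assumptions made for illustration.

```python
import secrets
from http.cookies import SimpleCookie

SESSIONS = {}          # in-memory store: session ID -> per-user state
COOKIE_NAME = "sid"    # assumed cookie name


def new_session():
    sid = secrets.token_urlsafe(32)   # unguessable ID from the OS CSPRNG
    SESSIONS[sid] = {"hits": 0}
    return sid


def handle_request(cookie_header):
    """Handle one request; cookie_header is the raw Cookie header or None.

    Returns (response_headers, body).
    """
    sid = None
    if cookie_header:
        jar = SimpleCookie()
        jar.load(cookie_header)
        if COOKIE_NAME in jar:
            sid = jar[COOKIE_NAME].value
    headers = []
    if sid not in SESSIONS:
        # Missing or unknown ID: do not adopt the client's value, mint a new one.
        sid = new_session()
        out = SimpleCookie()
        out[COOKIE_NAME] = sid
        out[COOKIE_NAME]["httponly"] = True   # not readable from page scripts
        out[COOKIE_NAME]["secure"] = True     # only sent over HTTPS
        out[COOKIE_NAME]["samesite"] = "Lax"
        out[COOKIE_NAME]["path"] = "/"
        headers.append(("Set-Cookie", out[COOKIE_NAME].OutputString()))
    state = SESSIONS[sid]                     # the data behind the ID
    state["hits"] += 1
    return headers, f"request {state['hits']} in this session"


def cookie_from(headers):
    """What a browser would send back: the name=value part of Set-Cookie."""
    return dict(headers)["Set-Cookie"].split(";", 1)[0]


if __name__ == "__main__":
    first_headers, first_body = handle_request(None)
    print(first_body)
    print(handle_request(cookie_from(first_headers))[1])
```

Replacing the SESSIONS dictionary with a database table or a distributed cache changes only where the lookup happens; the cookie exchange stays the same.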