Mamaaaa, what are Sessions?


The HTTP protocol is defined to be stateless. For a protocol that allows an essentially non-linear look into a linear, static, “book-like”, hierarchical structure called a web page, that makes sense. Everything the serving application needs to know can be encoded in a single request. This was also done to prevent DoS attacks: the server does not keep any data for any client whatsoever, which prevents it from running out of memory when hit with too many requests.

As soon as web pages started to be non-static and allowed clients to manipulate server-side data, problems abounded. Now there was a need to save state. Think of a typical website that allows you to log in. That login state needs to be saved between requests so that it is remembered the next time your browser requests a page.