How Do Sessions Work? What Is a Session?

What Are Sessions & Cookies?

HTTP is a stateless protocol, meaning each HTTP request is not aware of any other HTTP request; each one is treated as an independent request. For a good user experience we have to maintain the state of the user (such as login, previous activities on the website, etc.). There are three ways to maintain that state:

  • hidden form fields
  • GET variables (URL variables)
  • Session.


For some functions we can use the first two methods (hidden form fields and URL variables), but they are very limited and depend on the client side. To solve this we use sessions and cookies.

Sessions are made up of two components: a client-side session ID and server-side session data.

client-side session ID:

When the client sends a request to the server, it has to tell the server "my session ID is ###". This can be done with a cookie, a URL parameter, or an HTTP header. So when the client sends an HTTP request to the server, it attaches the cookie to the request or passes the session ID in the URL.


server-side session data:

After getting the session_id from the client side, the server searches for that session ID in session storage and then recognizes the user.

So cookies are used just to hold the session_id on the client side, and the session is stored on the server side.
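
The split described above, as an added example (not code from the original post): a minimal in-memory session store in Python, where the cookie carries only the ID and the user data stays on the server. The cookie name `session_id`, the dictionary store and the function names are assumptions made for illustration.

```python
import secrets
from http.cookies import CookieError, SimpleCookie

COOKIE_NAME = "session_id"  # assumed cookie name, not from the original page
SESSION_STORE = {}          # server-side session storage: session ID -> user data


def create_session(user_data):
    """Store user data on the server and return the Set-Cookie header value."""
    session_id = secrets.token_urlsafe(32)  # unguessable ID from a CSPRNG
    SESSION_STORE[session_id] = dict(user_data)
    cookie = SimpleCookie()
    cookie[COOKIE_NAME] = session_id
    cookie[COOKIE_NAME]["httponly"] = True  # not readable from page scripts
    cookie[COOKIE_NAME]["secure"] = True    # only sent over HTTPS
    cookie[COOKIE_NAME]["samesite"] = "Lax"
    cookie[COOKIE_NAME]["path"] = "/"
    return cookie[COOKIE_NAME].OutputString()


def load_session(cookie_header):
    """Recognise the user from the Cookie request header, or return None."""
    cookie = SimpleCookie()
    try:
        cookie.load(cookie_header or "")
    except CookieError:
        return None  # malformed header: treat the request as anonymous
    morsel = cookie.get(COOKIE_NAME)
    if morsel is None:
        return None
    # Only IDs the server issued are accepted; an unknown ID gets no session.
    return SESSION_STORE.get(morsel.value)


if __name__ == "__main__":
    # Constructed sample exchange: login response, then a follow-up request.
    set_cookie = create_session({"user": "alice", "logged_in": True})
    print("Set-Cookie:", set_cookie)
    request_cookie = set_cookie.split(";")[0]  # the client sends back name=value only
    print("Recognised:", load_session(request_cookie))
    print("Forged ID:", load_session(COOKIE_NAME + "=made-up-value"))
```
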


Session Generation & Session Hijacking:

Till now, we have read how sessions work; now let us understand how PHP/Java uses sessions to hold user-specific data.




Web Developer & Server Admin, Skilled in Java , PHP , LAMP, Tomcat, Mongo DB & SQL. Available for freelancing project or Open Source Contribution, Feel free to contact me at .
