How Do Sessions Work? What Is a Session?
What are sessions and cookies?
HTTP is a stateless protocol, meaning each HTTP request is not aware of any other HTTP request; every request is treated as independent. For a good user experience we have to maintain the user's state (such as login, previous activity on the website, etc.). There are three ways to maintain this state:
- hidden form fields
- GET variables (URL variables)
For some functions we can use the first two methods (hidden form fields and URL variables), but they are very limited and depend on the client side. To solve this we use sessions and cookies.
Sessions are made up of two components, a client-side session ID and server-side session data.
Client-side session ID:
When the client sends a request to the server, it has to tell the server "my session ID is ###". This can be done with a cookie, a URL parameter, or an HTTP header. So when the client sends an HTTP request to the server, it either attaches the cookie to the request or passes the session ID in the URL.
Server-side session data:
After getting the session_id from the client, the server searches for that session ID in its session storage and then recognizes the user.
So cookies are used just to hold the session_id on the client side, while the session itself is stored on the server side.
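The two components described above, as an added example that is not code from the original page: the server issues an unpredictable session ID in a cookie, keeps the data in its own store, and resolves the ID on the next request. The in-memory dictionary, the cookie name `session_id` and the function names are assumptions made for this sketch.

```python
import secrets
from http.cookies import SimpleCookie

SESSION_STORE = {}          # server-side session data, keyed by session ID (in-memory for this sketch)
COOKIE_NAME = "session_id"  # assumed cookie name


def create_session(user):
    """Store session data on the server and return the Set-Cookie header value."""
    sid = secrets.token_urlsafe(32)            # ID comes from the OS CSPRNG, not a counter
    SESSION_STORE[sid] = {"user": user}
    cookie = SimpleCookie()
    cookie[COOKIE_NAME] = sid                  # the cookie holds only the ID, never the data
    cookie[COOKIE_NAME]["httponly"] = True     # not readable by page scripts
    cookie[COOKIE_NAME]["secure"] = True       # only sent over HTTPS
    cookie[COOKIE_NAME]["samesite"] = "Lax"
    cookie[COOKIE_NAME]["path"] = "/"
    return cookie[COOKIE_NAME].OutputString()


def lookup_session(cookie_header):
    """Parse a request's Cookie header and return the session data, or None."""
    cookie = SimpleCookie()
    cookie.load(cookie_header or "")
    morsel = cookie.get(COOKIE_NAME)
    if morsel is None:
        return None
    # An ID the server did not issue is rejected, never adopted as a new session.
    return SESSION_STORE.get(morsel.value)


def destroy_session(cookie_header):
    """Log out: delete the server-side data so the ID stops working."""
    cookie = SimpleCookie()
    cookie.load(cookie_header or "")
    morsel = cookie.get(COOKIE_NAME)
    return morsel is not None and SESSION_STORE.pop(morsel.value, None) is not None


if __name__ == "__main__":
    set_cookie = create_session("alice")       # response header sent after login
    request_cookie = set_cookie.split(";")[0]  # what the browser sends back
    print("Set-Cookie:", set_cookie)
    print("known ID   ->", lookup_session(request_cookie))
    print("unknown ID ->", lookup_session("session_id=constructed-unknown-id"))
    destroy_session(request_cookie)
    print("after logout ->", lookup_session(request_cookie))
```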
Session Generation & Session Hijacking:
So far we have seen how sessions work; now let's understand how PHP/Java use sessions to hold user-specific data.