Chapter 13. User Authentication and Session Security
We all know that HTTP is the Web protocol, the protocol by which browsers and Web servers communicate. You’ve also almost certainly heard that HTTP is a stateless protocol. The rumors are true: HTTP maintains no state from request to request. HTTP is a simple request/response protocol. The client browser makes a request, the Web server responds to it, and the exchange is over. This means that if I issue an HTTP GET
to a Web server and then issue another HTTP GET
immediately after that, the HTTP protocol has no way of associating those two events together.
Many people think that so-called persistent connections overcome this and allow state to be maintained. Not true. Although the connection remains ...
Get Advanced PHP Programming now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.