Chapter 13. User Authentication and Session Security
We all know that HTTP is the Web protocol, the protocol by which browsers and Web servers communicate. You’ve also almost certainly heard that HTTP is a stateless protocol. The rumors are true: HTTP maintains no state from request to request. HTTP is a simple request/response protocol. The client browser makes a request, the Web server responds to it, and the exchange is over. This means that if I issue an HTTP
GET to a Web server and then issue another HTTP
GET immediately after that, the HTTP protocol has no way of associating those two events together.
Many people think that so-called persistent connections overcome this and allow state to be maintained. Not true. Although the connection remains ...