Managing sessions

The HTTP protocol is stateless. Any given request has no information about previous requests. For a server, this means that determining whether two requests originated from the same browser is not possible without further work. That's fine for general information, but targeted interactions require a user to be verified via some sort of unique identifier. A uniquely identified client can then be served targeted content—from lists of friends to advertisements.

This semipermanent communication between a client (often a browser) and a server persists for a period of time—at least until the client disconnects. That period of time is understood as a session. An application that manages sessions must be able to create a unique user session ...
