Session Tracking Explained
Keeping track of which requests come from the same user isn’t as easy as it may look. As described in Chapter 2, HTTP is a stateless, request-response protocol. This means that the browser sends a request for a web resource, and the web server processes the request and returns a response. The server then forgets this transaction ever happened. So when the same browser sends a new request; the web server has no idea that this request is related to the previous one. This is fine as long as you’re dealing with static files, but it’s a problem in an interactive web application.
There are two ways to solve this problem, and they have both been used extensively for web applications with a variety of server-side technologies. The server can either return all information related to the current user (the client state) with each response and let the browser send it back as part of the next request, or it can save the state somewhere on the server and send back only an identifier that the browser returns with the next request. The identifier is then used to locate the state information saved on the server.
In both cases, the information can be sent to the browser in one of three ways (Figure 10-5 outlines these methods):
As a cookie
Embedded as hidden fields in an HTML form
Encoded in the URLs in the response body, typically as links to other application pages (this is known as URL rewriting)
A cookie is a name/value ...
Get JavaServer Pages, 3rd Edition now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.