December 2011
Beginner
384 pages
9h 38m
English
Content preview from Web Application Security, A Beginner's GuideBecome an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
Start your free trial
Session Management Fundamentals
So far we have mentioned sessions and session management several times, without explicitly defining what those things are and what you’re supposed to do about them. Time to fix that. We’ll divvy the subject up into the what, why, and how of sessions and session management.
What’s a Session?
A session, in its broad theoretical sense, is simply a means for tracking a single user’s interactions with the web application. HTTP is a stateless protocol, which is fine for static web sites that don’t care who anybody is, but which doesn’t work for interactive web applications. A modern web application needs a mechanism for identifying the stream of requests generated by each individual user amid the requests from other ...