Session Management Fundamentals

So far we have mentioned sessions and session management several times, without explicitly defining what those things are and what you’re supposed to do about them. Time to fix that. We’ll divvy the subject up into the what, why, and how of sessions and session management.

What’s a Session?

A session, in its broad theoretical sense, is simply a means for tracking a single user’s interactions with the web application. HTTP is a stateless protocol, which is fine for static web sites that don’t care who anybody is, but which doesn’t work for interactive web applications. A modern web application needs a mechanism for identifying the stream of requests generated by each individual user amid the requests from other ...
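To make the mechanism concrete, here is an added example (not code from the book) of the minimal server-side machinery the paragraph describes: an unguessable session ID is issued on login, carried back by the client in a cookie, and mapped to a user on every later request. The in-memory `SessionStore`, the `sid` cookie name and the idle timeout are assumptions chosen for illustration; a production deployment would keep the same mechanism but back it with a shared store.

```python
import secrets
import time

# Constructed example: an in-memory session store. The mechanism is what
# matters; a real deployment would use a database or cache for the table.

SESSION_ID_BYTES = 32   # 256 bits of entropy: the ID is the only proof of identity
IDLE_TIMEOUT = 15 * 60  # seconds of inactivity after which the session is dropped


class SessionStore:
    def __init__(self, clock=time.time):
        self._sessions = {}   # session ID -> {"user_id", "created", "last_seen"}
        self._clock = clock   # injectable so expiry can be tested deterministically

    def create(self, user_id):
        """Start a session for an authenticated user and return its ID."""
        sid = secrets.token_urlsafe(SESSION_ID_BYTES)  # CSPRNG, never a counter
        now = self._clock()
        self._sessions[sid] = {"user_id": user_id, "created": now, "last_seen": now}
        return sid

    def lookup(self, sid):
        """Return the user_id behind a live session, or None if unknown/expired."""
        entry = self._sessions.get(sid)
        if entry is None:
            return None
        now = self._clock()
        if now - entry["last_seen"] > IDLE_TIMEOUT:
            del self._sessions[sid]   # stale IDs must stop working, not linger
            return None
        entry["last_seen"] = now
        return entry["user_id"]

    def destroy(self, sid):
        """Logout: forget the session so the ID is worthless afterwards."""
        self._sessions.pop(sid, None)


def set_cookie_header(sid):
    """Set-Cookie value that keeps the ID from scripts and plaintext HTTP."""
    return f"sid={sid}; HttpOnly; Secure; SameSite=Lax; Path=/"


def parse_cookie_header(header):
    """Pull the session ID out of a Cookie request header; None if absent."""
    for part in header.split(";"):
        name, _, value = part.strip().partition("=")
        if name == "sid" and value:
            return value
    return None


def handle_request(store, cookie_header):
    """Tie an incoming request to a user, purely via the session cookie."""
    sid = parse_cookie_header(cookie_header or "")
    if sid is None:
        return None   # anonymous request: no session presented
    return store.lookup(sid)


if __name__ == "__main__":
    store = SessionStore()
    sid = store.create("alice")
    print(set_cookie_header(sid))
    print(handle_request(store, f"sid={sid}"))   # alice
    store.destroy(sid)
    print(handle_request(store, f"sid={sid}"))   # None
```

Two points the code makes that the prose only implies: the server, not the client, holds the user identity (the cookie carries an opaque token, never the user name), and every path that should end a session, idle timeout and logout alike, actually removes the entry so a captured ID cannot be replayed later.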

Get Web Application Security, A Beginner's Guide now with the O’Reilly learning platform.