7 HTTP: a stateless protocol
What are sessions?
[Diagram: Client 1, Web server, Client 2; users Joe and Mary; labels 1 to 6]
8 Why do we need sessions?
A SESSION associates DATA with a USER for the duration of their entire visit
- e-commerce
- CUSTOM web pages for different users (users can log in to web database)
9 How to store session info
1. Cookies
- Cookies store client-specific data on the client
- N.B. client may reject cookie! Security issues? Max cookie size 4k
2. Session files
- Sessions store client-specific data on the server
- Sessions are tagged with a unique session id
10 Cookies can be stored permanently or for a limited time
- A cookie is a small piece of text containing identifying information
- Sent by server to browser on first interaction
- Sent by browser to the server that created the cookie on further interactions (part of the HTTP protocol)
- Server saves information about cookies it issued, and can use it when serving a request
- E.g., authentication information, and user preferences
11 Session ids
[Diagram: Web server, Joe, Mary; two "Session ID" labels; 37953795]
12 Session management
PHP4 includes functions to:
- manage session data on the server
- generate a random session ID to identify the user
- save the session ID: either with a cookie (N.B. session ID only) or in the query string
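
A small page built on PHP's session functions, with the session ID carried in a cookie only and the data kept on the server; this is an added example, not part of the original slides. It assumes current PHP (7.3 or later) rather than PHP4, and `check_login` with its single constructed user is hypothetical.

```php
<?php
// Added example: PHP's built-in session functions, hardened configuration.
// Carry the session ID in a cookie only, never in the query string,
// where it would end up in server logs, browser history and Referer headers.
ini_set('session.use_only_cookies', '1');
ini_set('session.use_trans_sid', '0');
// Refuse session IDs that this server did not issue itself.
ini_set('session.use_strict_mode', '1');

session_set_cookie_params([
    'lifetime' => 0,       // session cookie: dropped when the browser closes
    'path'     => '/',
    'secure'   => true,    // sent over HTTPS only (set false for plain-HTTP local testing)
    'httponly' => true,    // not readable from JavaScript
    'samesite' => 'Lax',
]);

session_start();           // issues a random ID, or resumes the one in the cookie

// Hypothetical credential check with one constructed user (assumption of this
// example; a real site would look the stored hash up in its user database).
function check_login(string $user, string $pass): bool
{
    $users = ['joe' => password_hash('constructed-password', PASSWORD_DEFAULT)];
    return isset($users[$user]) && password_verify($pass, $users[$user]);
}

$user = (string)($_POST['user'] ?? '');
$pass = (string)($_POST['pass'] ?? '');

if (($_SERVER['REQUEST_METHOD'] ?? '') === 'POST' && check_login($user, $pass)) {
    // Fresh ID at login; true also deletes the old session's server-side data.
    session_regenerate_id(true);
    $_SESSION['user'] = $user;
}

// The data lives on the server; the cookie holds nothing but the ID.
$_SESSION['visits'] = ($_SESSION['visits'] ?? 0) + 1;

$name = htmlspecialchars($_SESSION['user'] ?? 'guest', ENT_QUOTES, 'UTF-8');
echo "Hello {$name}, page views this session: {$_SESSION['visits']}\n";
```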