Monday, December 8, 2014

Session Management

Stateful and Stateless


HTTP is stateless

Each request is treated as an independent transaction that is unrelated to any previous request.
Request attributes live on the request object. As soon as that request is gone, the attribute is gone.

Sessions are stateful


A session is a semi-permanent interactive information interchange, also known as a dialogue, between two or more communicating devices.

Should data be stored on the client side or server side?

You don't necessarily want to store data on the client side (in a cookie), because you don't want the client to manipulate that data. The solution is to store the data server side and store only a unique identifier for that data on the client. This becomes a stateful session.
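The two options above, side by side, as an added sketch that is not code from the original post: one lookup trusts data kept in the cookie, the other treats the cookie as an opaque identifier into a server-side store. The function names, the `sid` and `user_id` cookie names, and the in-memory dict are assumptions of the example.

```python
import secrets

SESSIONS = {}  # server-side store: session id -> session data (in-memory stand-in)

def parse_cookies(header):
    """Parse a Cookie request header into a dict."""
    pairs = (p.strip().partition("=") for p in (header or "").split(";"))
    return {name: value for name, _, value in pairs if name}

# Client-side state: the server believes whatever the cookie says.
def user_from_client_cookie(header):
    return parse_cookies(header).get("user_id")

# Server-side state: the cookie carries only an opaque identifier.
def start_session(user_id):
    """Call after the user has authenticated; returns the Set-Cookie value."""
    sid = secrets.token_urlsafe(32)  # random, encodes nothing about the user
    SESSIONS[sid] = {"user_id": user_id}
    return f"sid={sid}; HttpOnly; Secure; SameSite=Lax; Path=/"

def user_from_session(header):
    """Look up the session named by the request's sid cookie; None if unknown."""
    session = SESSIONS.get(parse_cookies(header).get("sid", ""))
    return session["user_id"] if session else None

def end_session(header):
    """Logout: delete the server-side data so the id stops working."""
    SESSIONS.pop(parse_cookies(header).get("sid", ""), None)

def demo():
    set_cookie = start_session("alice")  # constructed sample user
    cookie = set_cookie.split(";")[0]    # what the browser sends back: "sid=..."
    results = {
        "forged_client_cookie": user_from_client_cookie("user_id=admin"),
        "valid_sid": user_from_session(cookie),
        "edited_sid": user_from_session(cookie + "x"),
        "data_in_cookie_ignored": user_from_session("user_id=admin"),
    }
    end_session(cookie)
    results["after_logout"] = user_from_session(cookie)
    return results

if __name__ == "__main__":
    for key, value in demo().items():
        print(key, "->", value)
```

The cookie-only lookup accepts an edited `user_id`, while the session lookup returns a user only for an identifier the server issued and has not yet deleted.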






References

  1. What are Sessions and how do they work?
    1. The user id is stored in the session data, server-side, after successful identification. Then for every HTTP request you get from the client, the session id (given by the client) will point you to the correct session data (stored by the server) that contains the authenticated user id.
