Sessions and Cookies

One very important concept that every web developer must know is sessions. Most of us are already familiar with the term, but read on to learn what a session is exactly and why we need them so much.

Let's start off by understanding a little bit about HTTP requests. Before that, please make sure you have an idea of what servers, clients, and browsers are.

An HTTP request is made by your browser whenever you connect to a website or a web app. Whenever the browser makes an HTTP request, the following happens:
  1. An HTTP connection is opened.
  2. A URL, headers, and a request body (if required) are sent.
  3. The server responds with an HTTP response: a status code, headers, and a response body.
  4. The HTTP connection is closed.
Now, this format has a problem: HTTP is a stateless protocol. One HTTP request made by the browser has nothing to do with any other HTTP request. From the server's point of view, all HTTP requests are completely independent.


The problem is: if every HTTP request is independent, how does a user 'stay logged in' to a web app?


The solution to this problem of keeping people logged in is called a web session, or simply a session.

The server sends a random string to the browser with the HTTP response. This string is called a Session ID. The server saves the user's session under that Session ID before sending it to the user's browser. The Session ID must then somehow be sent back to the server with every subsequent HTTP request. Whenever the web app gets a request with a particular Session ID, it knows that the request was sent by a logged-in user, and using the Session ID it can also find out which user.


But how do we make the browser send this Session ID back to the server every time it makes a request?
Well, we can write client-side JavaScript code that sends it to us:
  • As part of a request header
  • As a GET parameter
  • As part of the request body

But a more popular way to do this is using cookies. A cookie is set through a special HTTP response header, and once it is set, the browser keeps sending it along with every subsequent request to that server. So we can simply ask the user's browser to set a cookie for our web app containing the user's Session ID.

Now there are some basic properties of a cookie:
  • Cookies are tied to a specific domain or IP address.
  • Cookies have an expiry.
  • A server can request the client to set a cookie with a particular name and value.
  • The client may or may not decide to respect that. Some clients (mostly ones that are not standard browsers) don't even support cookies.
  • If the client does agree, the cookie is set and the browser sends a Cookie header containing the name and value with every HTTP request to that domain or IP address.
So, we can simply ask the browser to set a cookie for us with the Session ID whenever a user logs into our web app. This way the browser keeps sending the Session ID to us with every subsequent HTTP request, and we can use it to keep the user logged in.
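As an added example (not code from the original post), here is a minimal session layer in Python that does what the last two sections describe: mint a Session ID at login, save the session on the server, hand the ID to the browser in a Set-Cookie header, and recover the user from the Cookie header on later requests. The cookie name `sessionid`, the one-hour lifetime, the in-memory dictionary, and the function names are all assumptions chosen for this example; `HttpOnly`, `Secure` and `SameSite` are standard cookie attributes from the Set-Cookie header specification that belong on a session cookie.

```python
import secrets
import time
from http.cookies import CookieError, SimpleCookie

# Assumed server-side session store: Session ID -> session data.
# A real deployment would keep this in a database or cache shared by all app servers.
SESSIONS = {}
SESSION_COOKIE = "sessionid"   # assumed cookie name
SESSION_TTL = 3600             # assumed lifetime in seconds (one hour)


def create_session(username, now=None):
    """Log a user in: mint an unguessable Session ID, store the session on the
    server, and return (session_id, value for the Set-Cookie response header)."""
    now = time.time() if now is None else now
    # 32 bytes from the OS CSPRNG; a counter or a hash of the username would be guessable.
    session_id = secrets.token_urlsafe(32)
    SESSIONS[session_id] = {"user": username, "expires": now + SESSION_TTL}

    cookie = SimpleCookie()
    cookie[SESSION_COOKIE] = session_id
    cookie[SESSION_COOKIE]["httponly"] = True    # page JavaScript cannot read it
    cookie[SESSION_COOKIE]["secure"] = True      # only sent over HTTPS
    cookie[SESSION_COOKIE]["samesite"] = "Lax"   # not attached to most cross-site requests
    cookie[SESSION_COOKIE]["max-age"] = SESSION_TTL
    cookie[SESSION_COOKIE]["path"] = "/"
    # output(header="") gives " sessionid=...; HttpOnly; Max-Age=3600; ..." without the header name.
    header_value = cookie.output(header="").strip()
    return session_id, header_value


def current_user(request_headers, now=None):
    """Given the headers of a later request, return the logged-in username or None.
    Every failure (no cookie, unknown ID, expired session) means 'anonymous'."""
    now = time.time() if now is None else now
    raw = request_headers.get("Cookie")
    if not raw:
        return None
    jar = SimpleCookie()
    try:
        jar.load(raw)
    except CookieError:          # malformed Cookie header: treat as anonymous
        return None
    morsel = jar.get(SESSION_COOKIE)
    if morsel is None:
        return None
    session = SESSIONS.get(morsel.value)
    if session is None:          # unknown or already invalidated ID
        return None
    if session["expires"] <= now:
        del SESSIONS[morsel.value]   # drop expired sessions so they cannot be reused
        return None
    return session["user"]


def logout(session_id):
    """Invalidate the session on the server, so the cookie value is useless
    even if it is still stored in the browser."""
    SESSIONS.pop(session_id, None)


if __name__ == "__main__":
    # Constructed walk-through: login response, then a later request carrying the cookie.
    sid, set_cookie = create_session("alice")
    print("Set-Cookie:", set_cookie)
    print("user on next request:", current_user({"Cookie": f"{SESSION_COOKIE}={sid}"}))
    logout(sid)
    print("user after logout:", current_user({"Cookie": f"{SESSION_COOKIE}={sid}"}))
```

Two design points worth noticing: the Session ID carries no information itself (the user and expiry live only in the server-side store), so it must be long and drawn from a cryptographic random source, and logout is done by deleting the server-side entry rather than by trusting the browser to forget the cookie.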

Now, I hope that clears up the concept of sessions and cookies for you. If you have any more doubts, please feel free to leave them in the comments.