- Web application servers are generally "stateless":
- Each HTTP request is independent; server can't tell if 2 requests came from the same browser or user.
- Web server applications maintain no information in memory from request to request (only information on disk survives from one request to another).
- Statelessness not always convenient for application developers: need to tie together a series of requests from the same user.
Last active
August 1, 2018 09:05
-
-
Save amelieykw/17707c8452ae1b1a8851522adf0d23b8 to your computer and use it in GitHub Desktop.
[Cookies and Sessions] #Cookie #Session
-
Cookies are used by the server to implement sessions:
- A pool of data related to an active connection (one browser instance).
-
Typically the cookie for an application contains an identifier for a session.
-
Web frameworks like Rails do most of the work of managing sessions and cookies:
- Rails provides session, a hash-like object in which you can store anything you like
- Data will be available in all future requests from the same browser.
- Rails automatically checks for a session cookie at the start of each request:
- Cookie exists? use it to find session data
- No cookie? Create new session, new cookie
- End of each request: save session data where it can be found by future requests.
- Rails provides session, a hash-like object in which you can store anything you like
-
Managing session state:
- Approach #1: just keep state in main memory
- Approach #2: store session state in files on disk
- Approach #3: store session state in a database
- Most frameworks allow you to control session storage:
- Provide an object that saves and restores session data.
-
Server must eventually delete stale session data.
-
Sessions have numerous security issues, which we will discuss later.
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment