mehikmat/web_stuffs

## web_stuffs
What is web Session?
--------------------
- An abstract concept to represent a series of HTTP requests and responses
  between a specific web browser and server. HTTP doesn't support the
  notion of a session.
- A session's data is stored on the server (only 1 session per client)
- Sessions are often built on top of cookies.
- The only data the client stores is a cookie holding a unique session ID
- And on each page request, the client sends its session ID cookie, and the
 server uses  this to find and retrieve the client's session data

What is Cookie?
----------------
- A cookie is data stored on the client
- **Session Cookie:** the default type; a temporary cookie that is stored only in the browser's memory when the browser is closed, temporary cookies will be erased
can not be used for tracking long-term information safer, because no programs other than the browser can access them
- **persistent cookie:** one that is stored in a file on the browser's computer
can track long-term information potentially less secure, because users (or programs they run) can open cookie files, see/change the cookie values, etc.

Client/Server communication
----------------------------
- Client's browser makes an initial request to the server
- Server notes client's IP address/browser, stores some local session data, and sends a   session ID back to client
- client sends that same session ID back to server on future requests
- server uses session ID to retrieve the data for the client's session later, like a   ticket given at a coat-check room


Where is stored session data?
----------------------------
- On the client, the session ID is stored as a cookie with the name PHPSESSID/JSESSIONID/ASPSESSIONID
- On the server, session data are stored as temporary files such as /tmp/sess_fcc17f071...
- You can find out (or change) the folder where session data is saved using the session_save_path function
- For very large applications, session data can be stored into a SQL database (or other destination) instead using the session_set_save_handler function


What is session time out ?
------------------
- Because HTTP is stateless, it is hard for the server to know when a user
 has finished a session
- Ideally, user explicitly logs out, but many users don't client deletes
  session cookies when browser closes
- Server automatically cleans up old sessions after a period of time
old session data consumes resources and may present a security risk
adjustable in PHP/JAVA/ASP server settings

How HTTP is stateless ?
------------------------
- HTTP is a stateless protocol, which means that the connection between the browser and the server is lost once the transaction ends.
- For each request, client makes new connection to server
	What is web Session?
	--------------------
	- An abstract concept to represent a series of HTTP requests and responses
	between a specific web browser and server. HTTP doesn't support the
	notion of a session.
	- A session's data is stored on the server (only 1 session per client)
	- Sessions are often built on top of cookies.
	- The only data the client stores is a cookie holding a unique session ID
	- And on each page request, the client sends its session ID cookie, and the
	server uses this to find and retrieve the client's session data

	What is Cookie?
	----------------
	- A cookie is data stored on the client
	- Session Cookie: the default type; a temporary cookie that is stored only in the browser's memory when the browser is closed, temporary cookies will be erased
	can not be used for tracking long-term information safer, because no programs other than the browser can access them
	- persistent cookie: one that is stored in a file on the browser's computer
	can track long-term information potentially less secure, because users (or programs they run) can open cookie files, see/change the cookie values, etc.

	Client/Server communication
	----------------------------
	- Client's browser makes an initial request to the server
	- Server notes client's IP address/browser, stores some local session data, and sends a session ID back to client
	- client sends that same session ID back to server on future requests
	- server uses session ID to retrieve the data for the client's session later, like a ticket given at a coat-check room


	Where is stored session data?
	----------------------------
	- On the client, the session ID is stored as a cookie with the name PHPSESSID/JSESSIONID/ASPSESSIONID
	- On the server, session data are stored as temporary files such as /tmp/sess_fcc17f071...
	- You can find out (or change) the folder where session data is saved using the session_save_path function
	- For very large applications, session data can be stored into a SQL database (or other destination) instead using the session_set_save_handler function


	What is session time out ?
	------------------
	- Because HTTP is stateless, it is hard for the server to know when a user
	has finished a session
	- Ideally, user explicitly logs out, but many users don't client deletes
	session cookies when browser closes
	- Server automatically cleans up old sessions after a period of time
	old session data consumes resources and may present a security risk
	adjustable in PHP/JAVA/ASP server settings

	How HTTP is stateless ?
	------------------------
	- HTTP is a stateless protocol, which means that the connection between the browser and the server is lost once the transaction ends.
	- For each request, client makes new connection to server