SESSION AND COOKIES

WEB ENGINEERING
WHAT IS A SESSION?

• A session starts when a user accesses a web application and ends when the
user closes the browser, logs out, or after a period of inactivity (timeout).

• During a session, the server and client (usually a web browser) exchange
information to maintain the state of the user's interactions.
HOW SESSIONS WORK:

• When a user first accesses a web application, the server generates a unique session
identifier (usually a session ID).
• This session ID is typically stored as a cookie on the client side or passed in URLs.
• With each subsequent request, the client sends this session ID to the server, allowing the
server to identify the user and retrieve their session data.
• Session data can include information such as user preferences, shopping cart contents,
authentication tokens, etc.
• The server stores this session data either in memory, on disk, or in a database.
SESSION MANAGEMENT:

• Session management involves controlling and maintaining the lifecycle of sessions.
• This includes creating, updating, and destroying sessions as necessary.
• Session management techniques often include setting session timeouts to invalidate
sessions after a period of inactivity, preventing unauthorized access to session data.
• It also involves securely transmitting and storing session IDs to prevent session hijacking
or other security vulnerabilities.
• Sessions are just like cookies, except they store the user’s data on the web server.
Every request has a unique session ID. Sessions are more reliable than cookies.
• A session is information that relates to a user and is stored on the server. A session will
no longer exist once the browser closes. Sessions do not have a size limit. Sensitive
information should be stored in the session.
[Figure: What is a Session. Diagram labels: user saves session information; user retrieves session information.]
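
The session lifecycle described under HOW SESSIONS WORK and SESSION MANAGEMENT, as an added example that is not part of the original slides: a server-side store that creates an unguessable session ID, looks up data by that ID, enforces an inactivity timeout, and destroys or re-issues IDs. The class and function names, the cookie name `sid`, the 900-second timeout and the `Secure`/`HttpOnly`/`SameSite` flags are assumptions chosen for illustration.

```python
import secrets
import time

class SessionStore:
    """In-memory server-side session store keyed by a random session ID."""

    def __init__(self, idle_timeout=900, clock=time.monotonic):
        self._sessions = {}                # session ID -> [last_seen, data]
        self._idle_timeout = idle_timeout  # seconds; 900 is an assumed value
        self._clock = clock

    def create(self):
        # 32 bytes from the OS CSPRNG, so IDs cannot be guessed or enumerated.
        sid = secrets.token_urlsafe(32)
        self._sessions[sid] = [self._clock(), {}]
        return sid

    def load(self, sid):
        """Return the data for sid, or None if the ID is unknown or timed out."""
        entry = self._sessions.get(sid)
        if entry is None:
            return None
        if self._clock() - entry[0] > self._idle_timeout:
            self.destroy(sid)              # expired: drop server-side state
            return None
        entry[0] = self._clock()           # activity renews the idle timer
        return entry[1]

    def destroy(self, sid):
        """Logout or timeout: the ID stops being valid on the server."""
        self._sessions.pop(sid, None)

    def rotate(self, sid):
        """Move the data to a fresh ID (e.g. after login); the old ID dies."""
        data = self.load(sid)
        if data is None:
            return None
        self.destroy(sid)
        new_sid = self.create()
        self._sessions[new_sid][1] = data
        return new_sid

def session_cookie_header(sid):
    # No Expires/Max-Age: a session cookie. Secure keeps the ID off plain
    # HTTP; HttpOnly hides it from page scripts.
    return f"Set-Cookie: sid={sid}; Path=/; Secure; HttpOnly; SameSite=Lax"
```

Only the random ID travels to the browser; the data stays in the store, so destroying the entry on the server ends the session even if the browser still holds the cookie.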
ADVANTAGES OF SESSIONS:

• Personalization: Sessions allow web applications to remember user preferences and
provide personalized experiences.
• Stateful Interactions: Sessions enable stateful interactions, allowing users to maintain
context across multiple requests.
• Security: Sessions can be used to store authentication tokens securely, reducing the risk of
unauthorized access.
• Scalability: Session management techniques can be optimized for scalability, ensuring
that the application can handle a large number of concurrent users.
WHAT IS HTTP STATELESSNESS?

• HTTP is termed stateless because each request from a client to the server is
independent of and unrelated to previous or future requests.
• The server does not retain any information about the state of the client between requests.
• Once a response is sent back to the client, the server forgets everything about the request.
COOKIES

• Cookies are small pieces of data stored on a user's device by their web browser while
they are browsing a website.
• They play a fundamental role in enabling various functionalities on the web, ranging
from session management to personalization and tracking.
PURPOSE OF COOKIES:

• Session Management: Cookies are commonly used to manage user sessions. They help
in identifying users and maintaining their state across multiple page views or visits to a
website.
• Personalization: Websites use cookies to remember user preferences and settings, such
as language preferences, layout preferences, or items in a shopping cart.
• Tracking and Analytics: Cookies are often employed by website owners and third-party
services for tracking user behavior, measuring website performance, and delivering
targeted advertisements.
• Security: Cookies can also enhance website security by validating user identities,
preventing unauthorized access, and detecting suspicious activities.
TYPES OF COOKIES:

• Session Cookies: These cookies are temporary and are deleted once the user closes the browser.
They are typically used for session management purposes.
• Persistent Cookies: Persistent cookies remain on the user's device for a specified duration or
until manually deleted by the user. They are often used for long-term tracking, personalization,
and authentication.
• First-Party Cookies: First-party cookies are set by the website domain that the user is visiting.
They are primarily used for purposes such as session management and personalization.
• Third-Party Cookies: Third-party cookies are set by domains other than the one the user is
currently visiting. They are commonly used for tracking user behavior across different websites,
often for advertising and analytics purposes.
COOKIE ATTRIBUTES:

• Name: The name of the cookie, which is used to identify it.
• Value: The value associated with the cookie, containing the actual data stored.
• Domain: The domain of the website that the cookie belongs to. Cookies can be set to
apply to a specific domain and its subdomains.
• Path: The URL path for which the cookie is valid. It specifies the pages within the
domain to which the cookie should be sent.
• Expiration: The duration for which the cookie remains valid. It determines whether the
cookie is a session cookie or a persistent cookie.
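
How the Domain, Path and Expiration attributes decide whether a browser sends a cookie back, as an added example that is not part of the original slides. It is a simplified model of the RFC 6265 domain-match and path-match rules; the `Cookie` class, the function names and the `shop.example` hosts are constructed for illustration.

```python
from dataclasses import dataclass
from typing import Optional
from urllib.parse import urlsplit

@dataclass
class Cookie:
    name: str
    value: str
    domain: str                       # Domain attribute, e.g. "shop.example"
    path: str = "/"
    expires: Optional[float] = None   # epoch seconds; None = session cookie

    @property
    def persistent(self):
        return self.expires is not None

def domain_matches(host, cookie_domain):
    # The cookie's domain itself, or any subdomain of it.
    host, cookie_domain = host.lower(), cookie_domain.lower().lstrip(".")
    return host == cookie_domain or host.endswith("." + cookie_domain)

def path_matches(request_path, cookie_path):
    if request_path == cookie_path:
        return True
    if request_path.startswith(cookie_path):
        # "/account" must not match "/accounting": require a "/" boundary.
        return cookie_path.endswith("/") or request_path[len(cookie_path)] == "/"
    return False

def would_send(cookie, url, now):
    """True if a browser would attach the cookie to a request for url at time now."""
    parts = urlsplit(url)
    if cookie.persistent and now >= cookie.expires:
        return False                  # expired persistent cookies are dropped
    return (domain_matches(parts.hostname or "", cookie.domain)
            and path_matches(parts.path or "/", cookie.path))

def cookie_header(cookies, url, now):
    """Cookie request header value: only name=value pairs are sent back."""
    return "; ".join(f"{c.name}={c.value}" for c in cookies if would_send(c, url, now))
```

A cookie scoped with a broad Domain and `Path=/` reaches every subdomain and page, so a session cookie is best given the narrowest scope the application needs.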
