Session tracking in the Web

First, what is called session tracking

The process of recording the different access requests that a user has logically associated over time is called "session tracking ." A session can be tracked by a user's unique identity each time a service request is requested.

Second, the cause of the session tracking

We all know that Internet Communication protocol can be divided into stateful protocol and stateless protocol, and our Access HTTP protocol on WWW is a stateless protocol that cannot associate one request of a user with another. How can we add products when we shop online?! While a session can be viewed as an object that is associated with a single user, session tracking technology can help each user with specific data in a Web application, but it can also distinguish between different users ' data in the same Web application, So that we can make our shopping cart have the products we have selected.

Third, the importance of session tracking

Session tracking is especially important for today's e-commerce Web sites, and is especially important for some sites that can be customized. If we buy something at Amazon, we know: this time, the next time we visit Amazon, most of the products we bought were in the same category or similar to the last one we purchased. This is achieved because the last time we purchased the product information was "tracked ".

Iv. mechanism of realizing session tracking

1.Cookies

2.URL Rewriting

3. Hidden form fields

4.session mechanism

Cookies

Cookies are the most widely used session tracking mechanism, wherecookies are created by a server and stored on a hard drive on the user's machine, and the next time the user accesses the site server, the hard disk on the user's machine The cookie information is sent back to the server. General cookies generally do not exceed 4KB, and users ' sensitive information such as credit card account passwords should not be stored in cookies.

URL rewriting

URL Heavy user appended to the end of each URL identified data, the server associated with the identifier to save data about the session, such as when we visit a news, in the address bar we generally see this information:http://www. Xxx.com/news?id=??, The question mark that follows the usual ID indicates the ID of the news sheet in the background database for that piece of news . URL rewriting can still work when the client deactivates cookies or does not support cookies.

Hide form fields

In general, when we use hidden form fields in the form, there is a code:<input type= "hidden" name= "xxx" value= "xxx"/>. by Assigning a value of type to the hidden value to be hidden, the user cannot see the data of this line of code while browsing, but the user can see it by looking at the source code.

Session mechanism

This mechanism should be used with caution, especially for sites with a large number of visits, because this mechanism is to save the session information on the server side. If the traffic is particularly large, it is conceivable that the requirements for the server's endurance are high.

V. Summary

In today's era of more and more emphasis on personalized services,Web session tracking technology is becoming increasingly important, but the network era of information security is more and more important, in the end choose what kind of conversational mechanism, can not generalize, but personally think: first of all, the first consideration is the security of information, followed by the load capacity of the server.

Session tracking in the Web