1. What is session tracking?
Session tracking is a common technique used in web applications to follow a user's entire session.
Session tracking is very important in an application. In theory, all requests made by one user should belong to the same session, all requests made by another user should belong to a different session, and the two must never be confused. For example, any item that user A buys in a supermarket should be placed in A's shopping cart. Regardless of when user A buys it, it belongs to the same session and cannot be placed in user B's or user C's shopping cart, which are not part of that session.
2. Why do I need session tracking?
A web application transmits data using the HTTP protocol. HTTP is a stateless protocol: once the data exchange is complete, the client-server connection is closed, and exchanging data again requires establishing a new connection. This means that the server cannot track a session from the connection. That is, if user A puts a product into the shopping cart and then buys another product, the server cannot determine whether the second purchase belongs to the session of user A or user B. To track the session, a mechanism must be introduced.
3. A metaphor for session tracking
We all know how a bank works. The bank's counter handles customers' deposit/withdrawal business every day, and there are several ways to do it:
Rely on the clerk's memory. The clerk who handles each customer's deposits and withdrawals remembers what each customer looks like and can quickly recall the customer's current balance, the number of deposits and withdrawals, and the amount of each one. This corresponds to the protocol itself supporting state.
Use a passbook. The clerk records each customer's deposit/withdrawal information in a passbook, which is then handed to the customer for safekeeping. When the customer comes to deposit or withdraw, they only need to take out the passbook, and the clerk can see the customer's deposit/withdrawal information at a glance. Of course, you will soon ask: what if the customer changes this information? There is a measure for that as well: each deposit/withdrawal record is stamped, and a record without a stamp is counterfeit. But if the customer really intends to forge records, the seal can of course be forged too. This corresponds to keeping the state on the client.
Use a bank card. Each customer is issued a bank card that carries a unique card number and no other information. When the customer comes to deposit or withdraw, they take out the card, the bank enters the card number into the computer, and the customer's deposit/withdrawal records are displayed at once. This approach is much more secure. A customer could modify their own deposit/withdrawal information only by breaking into the bank's server, which is difficult. This corresponds to holding the state on the server.
4. How do I track a session?
Cookies are one such mechanism; they compensate for HTTP's lack of state. Before sessions existed, essentially all websites used cookies to track sessions.
Later, web applications also came to use sessions to record client state. A session is a server-side mechanism for recording client state. It is simpler to use than a cookie, but it correspondingly increases the storage pressure on the server.
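The passbook and bank-card options from section 3, as an added example that is not part of the original notes. The function names, the in-memory SESSIONS store and the choice of a keyed HMAC as the "stamp" are assumptions of this example.

```python
import hashlib
import hmac
import json
import secrets

SERVER_KEY = secrets.token_bytes(32)  # constructed per-process key; never sent to the client
SESSIONS = {}                         # server-side store: session id -> state


# "Passbook": the state travels in the cookie, stamped by the server.
def issue_passbook(state):
    body = json.dumps(state, sort_keys=True)
    stamp = hmac.new(SERVER_KEY, body.encode(), hashlib.sha256).hexdigest()
    return body + "." + stamp


def read_passbook(cookie):
    body, _, stamp = cookie.rpartition(".")
    expected = hmac.new(SERVER_KEY, body.encode(), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(stamp.encode(), expected.encode()):
        return None                   # stamp missing or wrong: treat as counterfeit
    return json.loads(body)


# "Bank card": the cookie holds only a random number; the state stays on the server.
def open_session(state):
    sid = secrets.token_urlsafe(32)   # unguessable card number
    SESSIONS[sid] = dict(state)
    return sid


def load_session(sid):
    return SESSIONS.get(sid)          # unknown card number -> no session


if __name__ == "__main__":
    cart_a = {"user": "A", "cart": ["milk"]}          # constructed sample state
    passbook = issue_passbook(cart_a)
    tampered = passbook.replace('"A"', '"B"')         # client edits its own passbook
    print(read_passbook(passbook))                    # accepted: stamp matches
    print(read_passbook(tampered))                    # rejected: stamp no longer matches
    card = open_session(cart_a)
    print(load_session(card))                         # state looked up on the server
    print(load_session("guessed-card-number"))        # no such session
```

The passbook cookie is still readable by the client; the stamp only detects changes, whereas the bank-card cookie reveals nothing beyond the session id.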