Thursday, 9 February 2012
Do you like this Article?
HTTP is a stateless protocol. That means it doesn’t contain any information regarding the client, where it’s coming from. So it’s hard for Web Server to know whether it’s a request from a new user or not. This behavior can cause many problems.
Web Server doesn't know if the user requesting this page is the one who is already logged in or if it's a new user. Therefore, to overcome this problem, session tracking is introduced. So session tracking is the process to maintain the important information of a client as a session.
Types: there are 3 ways to track a session.
1. using cookies,
2. using URL rewriting, and
3. using hidden form fields.
· Cookies are stored in client-side, generally in web browser’s cache.
· Cookie object contain the important information regarding a particular session.
· It contains a unique Session ID, which helps the Web Server to track and fetch the information regarding a client’s session.
· A time-period of a cookie can be set.
· A client can enable/disable the cookie option from the browser.
Using URL Rewriting:
· In this process, some data containing the user details is appended on the end of the URL and send to the Web Server.
· This data is used to identify the session by the Server and it sorted it as a particular session.
· In this case, session info is saved in the server side, so its work even a client disabled cookies.
Using Hidden Form Fields:
· This is another method to track a session, where the data travels through hidden form fields.
· In HTML forms, there is an entry (<INPUT TYPE="HIDDEN" NAME="session" VALUE="...">) in which, the specified name and value are included in the GET or POST data.
· Here, if you choose GET, the info can be seen, so it’s a bit problem in case of security.
· This way is only works, if all the pages are dynamic in nature.