HTTP is a stateless protocol. That means a request doesn't contain any information about the client or where it's coming from, so it's hard for the Web Server to know whether a request is from a new user or not. This behavior can cause many problems.
For example, suppose a user has logged into a site and now wants to go to a particular section on another page. He would be required to log in again, because the requested page is login-protected and the Web Server doesn't know whether the user requesting it is the one who is already logged in or a new user. Session tracking was introduced to overcome this problem: it is the process of maintaining the important information of a client as a session.
Types: there are 3 ways to track a session.
1. using cookies,
2. using URL rewriting, and
3. using hidden form fields.
Using Cookies:
· Cookies are stored on the client side, generally in the web browser's cache.
· A Cookie object contains the important information regarding a particular session.
· It contains a unique Session ID, which helps the Web Server to track and fetch the information regarding a client’s session.
· A time period can be set for a cookie.
· A client can enable/disable the cookie option from the browser.
Using URL Rewriting:
· In this process, some data containing the user details is appended to the end of the URL and sent to the Web Server.
· The Server uses this data to identify the session and sorts it into a particular session.
· In this case, session info is saved on the server side, so it works even if a client has disabled cookies.
Using Hidden Form Fields:
· This is another method to track a session, where the data travels through hidden form fields.
· In HTML forms, there is an entry (<INPUT TYPE="HIDDEN" NAME="session" VALUE="...">) whose specified name and value are included in the GET or POST data.
· Here, if you choose GET, the info can be seen, so it's a bit of a problem in terms of security.
· This way only works if all the pages are dynamic in nature.
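The three methods above, put together as an added example that is not part of the original post: a server issues a random Session ID in a cookie with a time period, then finds the ID on later requests in the cookie, a POSTed hidden field, or the URL. The function names, the in-memory store and the 1800-second time period are assumptions made for illustration; the field name "session" is the one from the hidden-field entry above.

```python
import secrets
import time
from http.cookies import SimpleCookie
from urllib.parse import urlsplit, parse_qs

SESSION_TTL = 1800          # assumed time period (seconds) for cookie and session
FIELD = "session"           # same name as the hidden form field shown above
_sessions = {}              # server-side store: session ID -> (user, expiry time)

def start_session(user, now=None):
    """Create a session; return (session_id, Set-Cookie header value)."""
    now = time.time() if now is None else now
    sid = secrets.token_urlsafe(32)          # opaque random ID; user details stay on the server
    _sessions[sid] = (user, now + SESSION_TTL)
    cookie = SimpleCookie()
    cookie[FIELD] = sid
    cookie[FIELD]["max-age"] = SESSION_TTL   # the cookie's time period
    cookie[FIELD]["httponly"] = True         # keep the ID away from page scripts
    cookie[FIELD]["secure"] = True           # send only over HTTPS
    cookie[FIELD]["samesite"] = "Lax"
    cookie[FIELD]["path"] = "/"
    return sid, cookie[FIELD].OutputString()

def find_session_id(cookie_header="", url="", form_body=""):
    """Return (session_id, carrier): cookie first, then hidden field, then URL."""
    jar = SimpleCookie(cookie_header)
    if FIELD in jar:
        return jar[FIELD].value, "cookie"
    posted = parse_qs(form_body).get(FIELD)  # hidden field sent with POST
    if posted:
        return posted[0], "hidden-field"
    in_url = parse_qs(urlsplit(url).query).get(FIELD)
    if in_url:
        return in_url[0], "url"              # GET / URL rewriting: ID is visible in the URL
    return None, None

def current_user(cookie_header="", url="", form_body="", now=None):
    """Map a request to its logged-in user, or None for a new or expired session."""
    now = time.time() if now is None else now
    sid, _ = find_session_id(cookie_header, url, form_body)
    entry = _sessions.get(sid)
    if entry is None:
        return None
    user, expires = entry
    if now >= expires:
        del _sessions[sid]                   # expired: drop it so the ID cannot be reused
        return None
    return user
```

The carrier returned by find_session_id lets the server log or restrict requests whose Session ID arrived in the URL, the case the GET point above flags as a security concern.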