Monday, February 11, 2013

What is Session in computer World? Magic Cookies

What is Session?
HTTP communicates with lot of TCP connections, Server should create unique identifer for each Connection.

A Session is a unique identifier that is generated and sent to the client from a server in order to identify the Current Interaction Session.

Whenever you visit a webpage or login to website, the server will store the data about you in your system as a cookie.  This cookies will help to identify you.

For example , you are login to  when you login to your account, a cookie will be generated and stored in your local system.   if you click the logout, cookies will be destroyed.

Software Implementation:
TCP sessions are implemented using Multi threading concept. Whenever session is generated , a new thread will be created.

HTTP sessions are typically not implemented using one thread per session, but by means of a database with information about the state of each session.

Server side web sessions:

The sessions are stored in Server Machine.

Client side web sessions:
Client-side sessions use cookies .  This will reduce the server side storage.

This is best method but there is one drawback.  Sessions stored in client is vulnerable to tampering by the hackers.   This can be overcome by encrypting the session(but hackers are able to decrypt it also).

HTTP session token

The client usually stores and sends the token as an HTTP cookie and/or sends it as a parameter in GET or POST queries.

The reason to use session tokens is that the client only has to handle the identifier. All session data is stored on the server (usually in a database, to which the client does not have direct access) linked to that identifier.
Magic cookie
is simply a cookie that is used to authenticate the user on remote server or simply computer. In general, cookies are used to maintain the sessions on the websites and store the remote address of the website.

No comments:

Post a Comment