Sessions

Sessions are a mechanism in computing to preserve state across multiple requests in stateless protocols such as HTTP. A session represents a semi-permanent association between a user (or other client) and a server, allowing the system to remember information from one interaction to the next, such as authentication status, user preferences, or items in a shopping cart. The concept enables features that require continuity across separate requests.

Creation and lifecycle: A session typically starts when a user authenticates or when first interacting with an application, and the server issues a session identifier that the client stores, usually in a cookie. On subsequent requests, the server loads the corresponding session data. Sessions have a timeout and may be invalidated by logout, user inactivity, or policy-based expiration.

Storage and implementation: Session data can be stored server-side in memory or persistent stores, such as a database or in-memory data stores like Redis. The client often holds only a session identifier, reducing data exposed to the client. Some architectures use stateless tokens, such as JSON Web Tokens, where the token carries necessary state and the server does not retain per-user data between requests.

Security and management: Proper session management mitigates risks such as session hijacking and fixation. Measures include using secure and HttpOnly cookies, SameSite attributes, rotating session IDs on login, and implementing reasonable expiration. In clustered environments, session data may be replicated or centralized to maintain consistency.

In practice, the term can also refer to a period of activity in non-web contexts, such as a meeting, a class session, or a therapy session.

See also: authentication, cookies, tokens, session store, session management.
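
The measures listed under Security and management, shown as an added example that is not part of the original page: a minimal in-memory session store in Python that rotates the identifier on login, enforces idle and absolute expiration, and builds a cookie header with the Secure, HttpOnly and SameSite attributes. The class, function and cookie names and the timeout values are assumptions chosen for illustration.

```python
import secrets
import time

IDLE_TIMEOUT = 15 * 60        # assumed policy: expire after 15 min of inactivity
ABSOLUTE_TIMEOUT = 8 * 3600   # assumed policy: expire 8 h after creation

class SessionStore:
    """Server-side store; a deployment would back this with a database or Redis."""
    def __init__(self, clock=time.time):
        self._data = {}
        self._clock = clock   # injectable so expiry can be tested without sleeping

    def create(self, user=None):
        sid = secrets.token_urlsafe(32)   # unguessable identifier from the OS CSPRNG
        now = self._clock()
        self._data[sid] = {"user": user, "created": now, "last_seen": now}
        return sid

    def load(self, sid):
        """Return the session for sid, or None if it is unknown or expired."""
        s = self._data.get(sid)
        if s is None:
            return None
        now = self._clock()
        if now - s["last_seen"] > IDLE_TIMEOUT or now - s["created"] > ABSOLUTE_TIMEOUT:
            del self._data[sid]           # expired: invalidate server-side
            return None
        s["last_seen"] = now
        return s

    def login(self, old_sid, user):
        # Rotate on authentication: the pre-login identifier is destroyed, so an
        # identifier planted before login (fixation) never becomes authenticated.
        self._data.pop(old_sid, None)
        return self.create(user)

    def logout(self, sid):
        self._data.pop(sid, None)

def set_cookie_header(sid):
    # Secure: sent over HTTPS only. HttpOnly: not readable from page scripts.
    # SameSite=Lax: withheld from most cross-site requests.
    return (f"Set-Cookie: sid={sid}; Path=/; Secure; HttpOnly; "
            f"SameSite=Lax; Max-Age={ABSOLUTE_TIMEOUT}")
```

Because the client holds only the identifier, deleting the server-side entry is enough to end the session even if the cookie is still presented.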