Support for user sessions
Some protocols maintain state for the interaction with the client, from the initial message (the beginning of the session) to the closing message. Examples of such protocols are FTP, SMTP and POP. HTTP is a stateless protocol, i.e. the web server does not store data associated with the user's requests. Unlike the protocols above, each exchange of HTTP messages consists of one request and one response (a single HTTP transaction). Thus, the HTTP protocol does not require clients and servers to maintain state (data) between transmitted messages.
However, web applications often need to maintain session state, that is, store the data sent in one request on the server so that it can be used to process subsequent requests in the same session.
To maintain state between HTTP requests, the participants in the interaction need some way to send references to the session state information in HTTP requests. The HTTP/1.1 protocol allows this by means of cookies, which are carried in the Set-Cookie and Cookie headers.
The Set-Cookie response header is sent by the server to the browser. It contains state information or a session ID that refers to the state stored on the server side.
The Cookie request header is sent by the browser in subsequent requests to the same server (or an associated server). It contains either elements of the state information itself, or a reference to the session ID, which makes it possible to link the requests to the state of the current session. Web applications can use the Set-Cookie header as follows:
Set-Cookie: <name>=<value>
[; Max-Age=<value>] [; Expires=<date>]
[; Path=<path>] [; Domain=<domain name>]
[; Secure] [; Version=<version>]
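The round trip described above, as an added example that is not part of the original page: the server stores state under a random session ID, emits a Set-Cookie value in the syntax shown, and later resolves the browser's Cookie header back to that state. The cookie name `SESSIONID`, the in-memory `SESSIONS` store and the function names are assumptions made for illustration; the `HttpOnly` attribute is a real cookie attribute that is not in the listing above.

```python
import secrets
from http.cookies import SimpleCookie

SESSIONS = {}              # server-side state, keyed by session ID (in-memory)
COOKIE_NAME = "SESSIONID"  # assumed name; the page does not prescribe one


def start_session(initial_state, max_age=1800, path="/"):
    """Store state on the server; return (session_id, Set-Cookie header value)."""
    session_id = secrets.token_urlsafe(32)  # unguessable ID from a CSPRNG
    SESSIONS[session_id] = dict(initial_state)
    cookie = SimpleCookie()
    cookie[COOKIE_NAME] = session_id        # only the reference leaves the server
    morsel = cookie[COOKIE_NAME]
    morsel["max-age"] = max_age
    morsel["path"] = path
    morsel["secure"] = True                 # sent over HTTPS only
    morsel["httponly"] = True               # not in the page's listing; hides it from scripts
    return session_id, morsel.OutputString()


def browser_cookie_header(set_cookie_value):
    """Simulate the browser: it echoes name=value only, never the attributes."""
    return set_cookie_value.split(";", 1)[0].strip()


def load_session(cookie_header):
    """Resolve a Cookie request header to stored state; None if absent or unknown."""
    cookie = SimpleCookie()
    cookie.load(cookie_header or "")
    morsel = cookie.get(COOKIE_NAME)
    if morsel is None:
        return None
    return SESSIONS.get(morsel.value)       # a forged or expired ID maps to no state


if __name__ == "__main__":
    # Constructed sample data: one response, then two follow-up requests.
    _, set_cookie = start_session({"user": "alice", "cart": []})
    print("Set-Cookie:", set_cookie)
    request_header = browser_cookie_header(set_cookie)
    print("Cookie:", request_header)
    load_session(request_header)["cart"].append("book")
    print(load_session(request_header))
    print(load_session(COOKIE_NAME + "=forged-value"))
```

Because the cookie carries only an opaque reference, a value the server never issued resolves to no session at all.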