Support for user sessions - Design and development of web applications

Support for user sessions

Some protocols maintain stateful interaction with the client from the initial message (the beginning of the session) to the closing message. Examples of such protocols are FTP, SMTP and POP. HTTP is a stateless protocol, i.e. the web server does not store data associated with the user's requests. Unlike the above protocols, each exchange of HTTP messages consists of one request and one response (a single HTTP transaction). Thus, the HTTP protocol does not require clients and servers to maintain state (data) between transmitted messages.

However, web applications often need to support session state, that is, to store the data sent in a single request on the server so that it can be used to process subsequent requests in a given session.

To support state between HTTP requests, the participants in the interaction need some way to send references to the session state information in HTTP requests. The HTTP/1.1 protocol allows this with the help of cookies, which are implemented using the Set-Cookie and Cookie headers.

The Set-Cookie response header is sent by the server to the browser, and it contains state information or a session ID that refers to the state stored on the server side.

The Cookie header is sent by the browser in subsequent requests to the same server (or an associated server). It contains either elements of the state information itself, or a reference in the form of the session ID, which helps link the requests to the state of the current session. Web applications can use the Set-Cookie header as follows:

Set-Cookie: <name>=<value>
    [; Max-Age=<value>] [; Expires=<date>]
    [; Path=<path>] [; Domain=<domain name>]
    [; Secure] [; Version=<version>]

The <name>=<value> pair is sent by the browser back to the sending server in subsequent requests. The Max-Age attribute specifies the maximum time that a given cookie can be used (in seconds). The Expires attribute is an outdated (no longer recommended) way to determine the lifetime of a given cookie by specifying the end date for its use. The Path and Domain attributes specify the boundaries of cookie use, i.e. for which server domains and URL paths this cookie should be sent. The Secure attribute tells the browser to send the cookie in subsequent requests only over an encrypted connection. Finally, the Version attribute indicates the version of the state management specification.
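The session-ID variant described above, as an added example (not code from the original page): the server keeps the state, the cookie carries only a random reference to it, and expiry is enforced on the server as well as through Max-Age. The cookie name SID, the in-memory SESSIONS store and the function names are hypothetical; HttpOnly is a standard cookie attribute that the page does not list.

```python
import secrets
import time
from http.cookies import CookieError, SimpleCookie

SESSIONS = {}  # hypothetical in-memory store: session ID -> (expiry time, state)

def start_session(data, max_age=1800, now=None):
    """Store state on the server; return the value of the Set-Cookie header."""
    now = time.time() if now is None else now
    sid = secrets.token_urlsafe(32)          # unguessable reference, no state inside
    SESSIONS[sid] = (now + max_age, dict(data))
    cookie = SimpleCookie()
    cookie["SID"] = sid                      # "SID" is an assumed cookie name
    cookie["SID"]["max-age"] = max_age       # lifetime in seconds, as on the page
    cookie["SID"]["path"] = "/"              # URL paths the cookie is sent for
    cookie["SID"]["secure"] = True           # only over an encrypted connection
    cookie["SID"]["httponly"] = True         # not on the page: hide from scripts
    return cookie["SID"].OutputString()

def browser_cookie_header(set_cookie_value):
    """What the browser echoes back in Cookie: the name=value pair only."""
    return set_cookie_value.split(";", 1)[0]

def load_session(cookie_header, now=None):
    """Map a Cookie request header to server-side state, or None."""
    now = time.time() if now is None else now
    jar = SimpleCookie()
    try:
        jar.load(cookie_header or "")
    except CookieError:
        return None
    morsel = jar.get("SID")
    entry = SESSIONS.get(morsel.value) if morsel is not None else None
    if entry is None:
        return None                          # missing, unknown or forged ID
    expires_at, state = entry
    if now >= expires_at:                    # Max-Age is only a hint to the client,
        del SESSIONS[morsel.value]           # so the server enforces expiry too
        return None
    return state

if __name__ == "__main__":
    header = start_session({"user": "alice"})   # constructed sample state
    print("Set-Cookie:", header)
    print("Cookie:", browser_cookie_header(header))
    print(load_session(browser_cookie_header(header)))
    print(load_session("SID=forged-value"))
```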
