Session (computer science)

from Wikipedia, the free encyclopedia

In electronic data processing (EDP), a session is a standing connection between a client and a server (see also client-server system). The beginning of a session is called login, the end logout.


In the World Wide Web, stateless protocols such as HTTP provide no permanent connection between client and server. Nor is there any data (IP address, client ID) by which a visitor could be unambiguously identified. A session can therefore only be implemented at the application layer.

If the client transmits a unique session ID with every access to a web server, the (otherwise unrelated) accesses can be combined into one (contiguous) session.

By means of a session, session data can be associated with a user. Session data is stored on the server side and is often required for more complex transactions. An example of session data is the contents of a virtual shopping basket when visiting an e-shop. Minimal session data consists only of the session ID.

A session can be started for any visitor who cannot be assigned to an existing session. Such an "anonymous" session begins without an explicit login, for example in order to follow the visitor's movements through a website. In a web shop, the anonymous visitor can already use the shopping cart. The session is only "personalized", e.g. linked to the visitor's name and address, when an order is placed.

Depending on the transmission path of the session ID or the purpose of the session, it can also end without an explicit logout. The session is then ended on the server side after a timeout, whereby the session data is either deleted or marked accordingly.
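The mechanics described in the preceding paragraphs (a session ID tying requests together, session data held only on the server, an anonymous start with a shopping cart, personalization on ordering, and ending by timeout or logout) as a minimal in-memory store. This is an added example, not code from the article; the `SessionStore` class, the 30-minute timeout and the injectable `clock` are assumptions.

```python
import secrets
import time

SESSION_TIMEOUT = 30 * 60  # assumed: seconds of inactivity before the server ends a session


class SessionStore:
    """Server-side session store; the client only ever holds the session ID."""

    def __init__(self, timeout=SESSION_TIMEOUT, clock=time.time):
        self.timeout = timeout
        self.clock = clock      # injectable clock so the timeout can be tested deterministically
        self.sessions = {}      # session_id -> {"data": {...}, "last_seen": float}

    def start(self):
        """Start an anonymous session: no login, just an unguessable ID and an empty cart."""
        sid = secrets.token_urlsafe(32)  # 256 bits from the OS CSPRNG, not guessable
        self.sessions[sid] = {"data": {"cart": []}, "last_seen": self.clock()}
        return sid

    def lookup(self, sid):
        """Return the session data for sid, or None if it is unknown or timed out."""
        entry = self.sessions.get(sid)
        if entry is None:
            return None
        if self.clock() - entry["last_seen"] > self.timeout:
            del self.sessions[sid]       # timeout: ended server-side, data deleted
            return None
        entry["last_seen"] = self.clock()
        return entry["data"]

    def handle(self, sid):
        """Combine a request into the session named by sid, or start a new one."""
        data = self.lookup(sid) if sid else None
        if data is None:
            sid = self.start()
            data = self.sessions[sid]["data"]
        return sid, data

    def personalize(self, sid, name, address):
        """Link the session to a person, e.g. when an order is placed."""
        data = self.lookup(sid)
        if data is None:
            raise KeyError("no active session")
        data["customer"] = {"name": name, "address": address}

    def end(self, sid):
        """Explicit logout: discard the session on the server."""
        self.sessions.pop(sid, None)
```

A request without a valid ID (unknown, expired, or never issued) silently gets a fresh anonymous session rather than an error, which is the behaviour a web shop wants for first-time visitors.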

HTTP cookies are preferred for longer sessions (days or weeks) because they store the session ID on the client side.

If the user's HTTP requests are distributed over different servers for load balancing, the server assigned to a request must be able to continue the session. This can be done by storing the session state in cookies, but also by permanently assigning the session to one of the servers. The latter is referred to as the affinity between server and session (session affinity or server affinity).


Possible attack methods on a session are described under Session Hijacking and Session Fixation .
