Owing to the fact that HTTP is stateless - that is, any data you have stored is forgotten about when the page has been sent to the client and the connection is closed - it took a little work to find a solution to the problem. Eventually, Netscape put a solution into their browser known as "cookies" - tiny bits of information that a web site could store on the client's machine that were sent back to the web site each time a new page was requested. Each cookie could only be read by the web site that had written it, meaning that it was a secure way to store information across pages.
Cookies earned a bad name at first because they allowed people to track how often a visitor came to their site, what they did on the site, and such, and many people believed that cookies signalled the end of privacy on the web. Urban myths popped up in many places saying that cookies can read any information from your hard drive, and people were encouraged to disable cookies across the board. The reality is, of course, that cookies are relatively harmless, and are now commonly accepted.
Sessions grew up from cookies as a way of storing data on the server side, because the inherent problem of storing anything sensitive on clients' machines is that they are able to tamper with it if they wish. In order to set up a unique identifier on the client, sessions still use a small cookie - this cookie simply holds a value that uniquely identifies the client to the server, and corresponds to a data file on the server.
Topics covered in this chapter are:
How cookies and sessions compare
Which to use and when
How to use sessions
Using a database to store your sessions
Storing complex objects
Copyright ©2015 Paul Hudson. Follow me: @twostraws.