Session (computer science)
A session (English session) referred to in the computer an active connection from a client to a server (see also client - server system). The beginning of a session is referred to as login, logout as the end.
Internet
On the World Wide Web, there are at stateless protocols (eg HTTP) no standing connections between client and server. There are also no data (IP number, identification of the client ) with which a visitor could be clearly identified. Therefore, a session can be implemented only at the application layer.
When a client transmits a unique session ID each time you access a web server, can (otherwise unrelated ) hits a ( contiguous ) session are summarized (English session).
Through a session session data can be assigned to a user. Session data is stored on the server and are often required for more complex transactions. An example of session data is the content of a virtual shopping basket 's worth of e-shops. Minimum session data consists only of the session ID.
A session can be started for each visitor who can not be assigned to an existing session. Such an "anonymous" session begins without explicit Login to track, for example, the movements of the visitor of a website. In a webshop anonymous visitor can already use the cart. It was only when ordering the session is "personalized", ie, linked for example with the name and address of the visitor.
Depending on the transmission of session ID or the purpose of the meeting, it can also be terminated without explicit logout. A session is then terminated on the server side after a timeout, the session data will be either deleted or marked accordingly.
For longer sessions ( over days or weeks ) HTTP cookies are preferably used because they store the session id on the client side.
If the user for server load balancing HTTP requests distributed to different servers, each of the assigned servers must be able to continue the session. This can be done by storing in cookies, but also by fixed allocation of the server to the session. The latter is called affinity of server and session (English session affinity or server affinity ) refers.
Security
Possible attack on a meeting are described in session hijacking and session fixation.