Sessions & cookies

Hi there,

I’m new to web app. development and despite reading about sessions & cookies many times over, I still don’t understand how & why they are used in a web app.

Could someone please put both these aspects to be bed for me, finally?

Real world examples would be greatly appreciated - just to show why & how they are used.

Thank-you in advance.

Regards,
Darren

Typically there is one session per active user. This gives you a place to put properties whose values are specific to each individual user. Things like user ids or usernames so you can look up other values at runtime.

Cookies are used to provide data persistence between uses of your app. For instance, you could set a cookie containing the user’s username so that the next time they come to your web app, you could automatically set the username Field for them. The values of cookies are stored on the user’s computer.

[quote=395352:@Darren Logan]Hi there,

I’m new to web app. development and despite reading about sessions & cookies many times over, I still don’t understand how & why they are used in a web app.

Could someone please put both these aspects to be bed for me, finally?

Real world examples would be greatly appreciated - just to show why & how they are used.

Thank-you in advance.

Regards,
Darren[/quote]
Take a look here with full explanations for each sector about Cookies
Read the first page and after go to the TOP and jump to Creating cookies & SecurityTracking & privacy
With examples

Thanks guys, but a real-world scenario would be very useful.

How much data can you store in a cookie? Is it ~4kb?

Let’s say we have a test web app where the user selects his/her favourite foods & the app must remember the choices for future visits.
Is a cookie a good place to store this info.?
What makes us choose between storing data in a cookie rather, say, a database or txt file?

Where sessions are concerned; why do you need to differentiate between sessions? why do we need session-specific variables & id?

Look at the Eddies Electronics example file for specific examples.

A cookie is stored in a specific web browser on a specific computer (although some newer browsers will sync them between devices).

You won’t be able to read the cookie for a user if ANY of the following are true:

  • They’re using a different browser this time.
  • They’re using a different computer or device (unless using one of the latest browsers that syncs across devices).
  • They’ve cleared the cookies in their browser.

Don’t use cookies for storing ‘permanent’ data since you have no control over when it might disappear.

Permanent stuff needs to be on the server (usually in a database).

When a user connects to a web app from a web browser, a “session” is created in memory on the server. It has information such as:

  • a unique ID, for distinguishing between that session and other sessions
  • what kind of web browser they are using (as reported by the browser)
  • what operating system they are running (as reported by the browser)
  • the IP address they are connecting from
  • what page of the site they currently have open
  • All the variable values that you want to track per user as part of your application’s logic–maybe none, maybe hundreds depending on your app (values they’ve filled in on forms, permissions, history, etc.)

Unless you explicitly save data from the session to a database or file, the session ceases to exist (and all of its info is lost) as soon as the user disconnects or the server shuts down (which also disconnects the user).

Seth - brilliantly explained… seriously.

Most of what you have written is stored in my memory from other sources, but it’s got a little jumbled up along the way.

Your posts have clarified the situation(s) perfectly.

Thank you very, very much. High-five!

If the user have disable the cookies then you got nothing.
Disable cookies on your web browser from being stored in your computer for privacy reasons, or other reasons

[quote]what kind of web browser they are using (as reported by the browser)
what operating system they are running (as reported by the browser)[/quote]
IF the user disable tracking info the above and many more want work…

[quote=395585:@Loannis Kolliageorgas]If the user have disable the cookies then you got nothing.
Disable cookies on your web browser from being stored in your computer for privacy reasons, or other reasons

IF the user disable tracking info the above and many more want work…[/quote]
Actually, disabling cookies won’t prevent detection of these two things. They’re pulled from the user-agent string… and while they can be spoofed, they cannot be completely omitted because your web app will disallow any browser that doesn’t meet its criteria based on this info (unless you override the UnsupportedBrowser event).