Remembering Users (Cookies and Sessions)

Hypertext Transfer Protocol (HTTP) is a stateless protocol. Put simply, a client (web browser) connects to a web server, sends a request, and gets a response. Then the connection is closed. As a consequence, the next time the same client sends a request to the same web server, it is treated as a new request, so the web server cannot identify the caller.

This is, of course, a problem for applications in which state must be maintained, for instance e-commerce applications with a shopping-cart functionality.

However, you can overcome this limitation in several ways. The basic idea is to send some information with the HTTP response and to arrange for that information to be sent back with all subsequent requests to that server. The following possibilities exist:

  • Sending the data via POST (that is, a form is required each time)
  • Sending the data via GET (that is, by appending this information to the request's uniform resource locator [URL])
  • Sending the data as part of the HTTP header (in the form of a cookie)

In real-world projects, one of two methods is used: sessions (via GET or cookies) or cookies.
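
The three transports listed above, seen from the server side, as an added example that is not part of the original text: the function looks for one state token in a raw HTTP request and reports whether it arrived in the Cookie header, the URL, or a form body. The token name `sid`, the host `shop.example` and the sample requests are constructed assumptions.

```python
from http.cookies import SimpleCookie
from urllib.parse import urlsplit, parse_qs

TOKEN_NAME = "sid"  # assumed name for the state token; not from the original text


def find_state_token(raw_request: str):
    """Return (transport, token) for the first place the token is found, else (None, None)."""
    head, _, body = raw_request.partition("\r\n\r\n")
    lines = head.split("\r\n")
    method, target, _version = lines[0].split(" ", 2)
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()

    # 1. Cookie: the browser returns it in a request header without a form or link.
    cookie = SimpleCookie()
    cookie.load(headers.get("cookie", ""))
    if TOKEN_NAME in cookie:
        return "cookie", cookie[TOKEN_NAME].value

    # 2. GET: the token travels in the query string of the request URL.
    query = parse_qs(urlsplit(target).query)
    if TOKEN_NAME in query:
        return "get", query[TOKEN_NAME][0]

    # 3. POST: the token is a form field in the request body.
    content_type = headers.get("content-type", "")
    if method == "POST" and content_type.startswith("application/x-www-form-urlencoded"):
        form = parse_qs(body)
        if TOKEN_NAME in form:
            return "post", form[TOKEN_NAME][0]
    return None, None


# Constructed sample requests: one per transport, plus one that carries no token.
SAMPLES = {
    "cookie": "GET /cart HTTP/1.1\r\nHost: shop.example\r\nCookie: lang=en; sid=abc123\r\n\r\n",
    "get": "GET /cart?sid=abc123 HTTP/1.1\r\nHost: shop.example\r\n\r\n",
    "post": "POST /cart HTTP/1.1\r\nHost: shop.example\r\n"
            "Content-Type: application/x-www-form-urlencoded\r\n"
            "Content-Length: 18\r\n\r\nitem=42&sid=abc123",
    "none": "GET /cart HTTP/1.1\r\nHost: shop.example\r\n\r\n",
}

if __name__ == "__main__":
    for label, request in SAMPLES.items():
        print(label, find_state_token(request))
```

The request labelled `none` is what the server sees from a first-time caller: nothing in it ties the request to any earlier one.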