HTTP Session Management


HTTP is a sessionless protocol. Each GET request is handled by

This is expensive for multi-document pages such as those with images or frames: each URL is handled by a separate request.

HTTP 1.1

HTTP 1.1 attempts to solve some problems caused by this

Session management

Stateful server

In a client-server application, the server may keep state information

Stateless server

In a client-server application, the server may be stateless, with the client keeping state

Static Web documents

Neither side needs to keep state - HTTP 1.0 is designed for this

CGI Applications

Web Applications

State information

A browser can keep state information in


Passing cookies from server to browser

Retrieving cookie from browser

Problems with cookies

Hidden Form Fields

URL rewriting


Challenge/Response Plus/Minus

