What are sessions? How do they work?

Because HTTP is stateless, in order to associate a request to any other request, you need a way to store user data between HTTP requests.

Cookies or URL parameters ( for ex. like http://example.com/myPage?asd=lol&boo=no ) are both suitable ways to transport data between 2 or more request. However they are not good in case you don’t want that data to be readable/editable on client side.

The solution is to store that data server side, give it an “id”, and let the client only know (and pass back at every http request) that id. There you go, sessions implemented. Or you can use the client as a convenient remote storage, but you would encrypt the data and keep the secret server-side.

Of course there are other aspects to consider, like you don’t want people to hijack other’s sessions, you want sessions to not last forever but to expire, and so on.

In your specific example, the user id (could be username or another unique ID in your user database) is stored in the session data, server-side, after successful identification. Then for every HTTP request you get from the client, the session id (given by the client) will point you to the correct session data (stored by the server) that contains the authenticated user id – that way your code will know what user it is talking to.

Related Posts:

  1. What is an idempotent operation?
  2. What is dependency injection?
  3. What is a callback function?
  4. What are bitwise shift (bit-shift) operators and how do they work?
  5. What is the difference between a deep copy and a shallow copy?
  6. What is the difference between concurrency and parallelism?
  7. How Does Modulus Divison Work
  8. What is the difference between a framework and a library?
  9. What exactly is GUID? Why and where I should use it?
  10. What is an invariant?
  11. Prefer composition over inheritance?
  12. Why does cache locality matter for array performance?
  13. What does ‘foo’ really mean? [closed]
  14. Converting EBNF to BNF
  15. What and where are the stack and heap?
  16. What’s the difference between passing by reference vs. passing by value?
  17. What is ADT? (Abstract Data Type)
  18. Calculating a 2D Vector’s Cross Product
  19. What is stability in sorting algorithms and why is it important?
  20. Form submission: PHP S_SESSION statements within a foreach loop
  21. Sticky and NON-Sticky sessions
  22. Array versus linked-list
  23. How to access Session variables and set them in javascript?
  24. PHP Unset Session Variable
  25. Inheritance vs. Aggregation [closed]
  26. Is there an O(n) integer sorting algorithm?
  27. Create your own MD5 collisions
  28. How to set session timeout in web.config
  29. How to use my own custom session value in WordPress?
  30. Preventing session timeout
  31. How to share cookies and sessions between domain and subdomain?
  32. Destroy user sessions based on user ID
  33. Ban a user and end their session
  34. Enable WordPress Sessions
  35. Find out what is using PHP sessions in WordPress
  36. How to log out everywhere else, destroy all sessions “all other devices”?
  37. SESSION in WordPress Plugin Development
  38. Set Session Time Limit for Password Protected Posts
  39. Sessions not creating correctly in custom function
  40. Should I store my Facebook access tokens?
  41. How to get login data (session) outside WordPress?
  42. integrating external php library into wordpress- the right way
  43. How can I test the login for an expired session?
  44. Share session between my site and WP blog [closed]
  45. WP_Session not acting with AJAX
  46. Show menu item only if user is logged In (not word press login)
  47. How to expire session after 2 hours and also expire when browser closed?
  48. Fatal Error relating to sessions.php
  49. Pagination with $_POST and $_SESSION
  50. Custom post type search using $_SESSION and pre_get_posts
  51. Why is the session clearing after wp_safe_redirect?
  52. Check if user is logged in to site A when visiting site B
  53. How Can I Move Data From Form 1 To Form 2
  54. How to store or cache custom shopping cart data for every user’s session
  55. How to store and receive variables in WP sessions?
  56. How to make page/post password protected so you must reenter everytime you visit the page?
  57. Session problem in PHP – trying to create a simple CAPTCHA
  58. Having Issue on Redirecting With Session in WordPress
  59. Multi-instance WordPress usingn Memcached to handle sessions requests login every time a requests is handled by a different server
  60. Front end ajax user login session issue
  61. Would this be achieveable?
  62. Display if author page is author page of current user
  63. WooCommerce – set session with new cart item meta when updating cart item quantity [closed]
  64. How to change WordPress cookies to be session-only
  65. Re-use Nonce in Repeating Event Signup Buttons
  66. how do i change my website facebook login button to another text immediately user login? [closed]
  67. The session works on the local server, but not on the web server
  68. Can we stop session reset if page reloads?
  69. Where is function to prevents non logged users access wp-admin?
  70. Deleting expired session tokens in WordPress
  71. Authorize subdomain to access and read user and admin cookies
  72. PHP: $_SESSION destroyed after page reload for my custom session
  73. Adding preference buttons to main nav that persist via user sessions. (Woocommerce)
  74. logout users with specific role after close browser tab
  75. Unable to execute Ajax request, status code 400
  76. Using sessions or an alternative in a plugin
  77. Retrieve parameter from url
  78. Like and Dislike Buttons on Post with Counter – Only allow one click per post per user session
  79. End session screen not close automatically after login
  80. PHP session not staying alive. headers already sent
  81. Login issue with subdomain installs
  82. Get WordPress logged in username from root domain when WP is installed in a subfolder
  83. $_SESSION inside php function executed by AJAX
  84. PHP Session Variable to WordPress Error
  85. Looking to load a different template part on every load/refresh
  86. Allow user to select location and then set cookie for location in WordPress
  87. Capture and display users name
  88. How to create session for user which is not an admin user
  89. How to check if the user was redirected?
  90. Session stays active until page update in dashboard
  91. How to ‘remember’ a site member’s last visited page?
  92. Can’t redirect to previous page after using GET
  93. Session alternative for plugins (due to caching)
  94. Using a Cron Job to dynamically populate a field ONCE, and then making the field blank the next time someone visits page
  95. how to manage Session in WordPress using custom login?
  96. determine active user browser at the same time
  97. $_SESSION dosent’t work
  98. How to dynamically change the locale?
  99. Recognize logged WP user in existing REST API
  100. PHP – Having $_SESSION as an array and adding $_SESSION to array

Leave a Comment