State Maintenance and Sessions
Most modern Web Commerce sites use the concept of a Web
session -- a series of Web requests and responses
linked together by a state variable called a session
identifier. A first visit to the site's "home page" creates
a new session, and the HTTP response is associated with a new
session identifier, or SID. All subsequent transactions are
labelled with the same SID.
- The session identifier is commonly generated as some
combination of the current time, the IP address of the client, or
maybe just as a random number.
- Session management can be rather messy on the server, since
information must be maintained about all "current" sessions, and
decisions must be made as to the deletion of "expired"
sessions.
- The SID must (obviously) be passed back and forward between the
server and the browser on every transaction. Modern practice is to
use a "belt-and-braces" approach here, with the information
duplicated in hidden fields, cookies (which may be disabled in the
browser) and also in dynamically-generated Extra Path
Information URLs. For example, the CDnow page on your lecturer's browser at
this instant has the URL (some sections deleted to fit):
http://www.cdnow.com/cgi-bin/mserver/SID=1391321707
It's obvious that every URL in the page has to have exactly the
same information, and a quick "View Source" verifies this. At this
particular site, the same information is also sent as a cookie,
although hidden fields are (apparently) not used.
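
An added example (not part of the original lecture notes) for the first two points above: a server-side table of current sessions that issues SIDs from the operating system's random source and deletes idle ones, next to a SID built from the time and client IP as the text describes. The SHA-256 step in `weak_sid`, the 15-minute idle timeout and all names are assumptions made for illustration.

```python
import hashlib
import secrets
import time

IDLE_TIMEOUT = 900  # seconds; assumed value, not taken from the notes


def weak_sid(now: int, client_ip: str) -> str:
    """SID derived only from time and client IP (hash step is an assumption).

    Deterministic: two clients behind one NAT address in the same second
    receive the same SID, and the value is fixed by two guessable inputs.
    """
    return hashlib.sha256(f"{now}:{client_ip}".encode()).hexdigest()[:16]


class SessionStore:
    """In-memory table of current sessions with idle expiry."""

    def __init__(self, idle_timeout=IDLE_TIMEOUT, clock=time.time):
        self._sessions = {}
        self._idle_timeout = idle_timeout
        self._clock = clock  # injectable so expiry can be tested

    def create(self) -> str:
        sid = secrets.token_urlsafe(16)  # 128 bits from the OS CSPRNG
        self._sessions[sid] = {"last_seen": self._clock(), "data": {}}
        return sid

    def lookup(self, sid: str):
        """Return the session's data, or None if unknown or expired."""
        entry = self._sessions.get(sid)
        if entry is None:
            return None
        now = self._clock()
        if now - entry["last_seen"] > self._idle_timeout:
            del self._sessions[sid]  # expired: delete on access
            return None
        entry["last_seen"] = now
        return entry["data"]

    def purge_expired(self) -> int:
        """Delete every idle session; run periodically. Returns the count."""
        now = self._clock()
        stale = [s for s, e in self._sessions.items()
                 if now - e["last_seen"] > self._idle_timeout]
        for s in stale:
            del self._sessions[s]
        return len(stale)
```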