How To Maintain HTTP Session In A Web Application
HTTP is stateless, which means the protocol keeps no extra information about any earlier request made by the client. It is the duty of the web application running over HTTP to keep track of users and maintain their sessions from the time they sign in until they log out. There must also be adequate measures to detect and classify the requests made by the client and to identify whether they are coming from multiple active browsers. This makes session handling quite a challenging issue when designing a web application.
We will assume Visual Basic coding in the Microsoft .NET Framework architecture. The following steps briefly describe the process involved in maintaining an HTTP session in a web application:
Each active session is identified by a unique Session ID, which contains only ASCII characters and can be as long as 120 bits to accommodate a large number of users at the same time, though this number can be varied for different applications.
Storing session values
Some important data and modifications made by the user across different requests can be stored in the server database. For example, the shopping cart of a website can be managed on the server through sessions. When using SQL, all the session values are stored in the SQL database, and the values are retrieved directly from it as and when required.
The session states are implemented using the Session State Module class, which is responsible for executing all the requests received by the application. It generates the unique Session ID. Adding values to the session state can be achieved with the following code.
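The following VB.NET console program is an added example, not code from the original article or from ASP.NET itself: a simplified in-memory model of the steps above, with a 120-bit ASCII Session ID drawn from a cryptographic random number generator, values stored against it, and unknown or expired IDs rejected. The 24-character encoding, the 20-minute timeout and all names are assumptions of this example.

```vb
Imports System
Imports System.Collections.Generic
Imports System.Security.Cryptography
' Added example: simplified model of a session store, not ASP.NET's own code.
Module SessionDemo
    ' 32 ASCII symbols = 5 bits per character; 24 characters = 120 bits (assumed encoding).
    Const Alphabet As String = "abcdefghijklmnopqrstuvwxyz012345"
    Private ReadOnly Timeout As TimeSpan = TimeSpan.FromMinutes(20) ' example value
    Private ReadOnly Store As New Dictionary(Of String, SessionEntry)
    Class SessionEntry
        Public Values As New Dictionary(Of String, Object)
        Public LastSeen As DateTime
    End Class
    Function NewSessionId() As String
        Dim raw(23) As Byte ' 24 random bytes, one per output character
        Using rng As RandomNumberGenerator = RandomNumberGenerator.Create()
            rng.GetBytes(raw)
        End Using
        Dim chars(23) As Char
        For i As Integer = 0 To 23
            chars(i) = Alphabet.Chars(raw(i) And 31) ' low 5 bits: uniform, no modulo bias
        Next
        Return New String(chars)
    End Function
    Function CreateSession(nowUtc As DateTime) As String
        Dim id As String = NewSessionId()
        Store(id) = New SessionEntry With {.LastSeen = nowUtc}
        Return id
    End Function
    ' Returns Nothing for an ID the server never issued or one idle past the timeout.
    Function GetSession(id As String, nowUtc As DateTime) As SessionEntry
        Dim entry As SessionEntry = Nothing
        If id Is Nothing OrElse Not Store.TryGetValue(id, entry) Then Return Nothing
        If nowUtc - entry.LastSeen > Timeout Then
            Store.Remove(id)
            Return Nothing
        End If
        entry.LastSeen = nowUtc ' sliding expiry
        Return entry
    End Function

    Sub Main()
        Dim t0 As DateTime = DateTime.UtcNow
        Dim id As String = CreateSession(t0)
        GetSession(id, t0).Values("Cart") = New List(Of String) From {"book"}
        Console.WriteLine("issued id, 5 min later: " & (GetSession(id, t0.AddMinutes(5)) IsNot Nothing))
        Console.WriteLine("made-up id: " & (GetSession(New String("a"c, 24), t0) IsNot Nothing))
        Console.WriteLine("issued id after 30 idle min: " & (GetSession(id, t0.AddMinutes(35)) IsNot Nothing))
    End Sub
End Module
```

The server only ever looks up IDs it generated itself, so a guessed or stale ID yields no session rather than creating one.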
The session state code collects all the required information and stores it using the code present in the global.asax file. The data collected can never be anything other than data already within the web application, which ensures data safety.
The number of objects stored can also be directly accessed without interacting with the server database.
The .NET Framework provides 3 state modes, namely in-process, state server, and SQL server. The basic state configuration of all of them is almost the same. This configuration is done to make appropriate changes in the Machine. For proper working, the fully qualified assembly name must be provided along with the appropriate version being used by the web application, as shown here.
For different session state modes, the appropriate state attributes must be provided. In this example, the default in-process mode is shown. To use the other modes, simply change the state mode values and add the necessary attributes.
Apart from the procedure described above, there are other ways to achieve session management, using URL-based methods or cookies. Different approaches give varied levels of security. For maximum security, a mixture of two or more of the methods can be used. Since HTTP is a stateless protocol, web developers are usually free to choose their own method, based on the nature and importance of the web application. However, every method has its own list of benefits and disadvantages, so developers need to look into them, and into how each can be exploited to get better management of HTTP sessions.