CHAPTER 21
Using MySQL-Based Web Session Management
21.0. Introduction
Many web applications interact with users over a series of requests and, as a result, must
retain information from one request to the next. A set of related requests is called a
session. Sessions are useful for activities such as performing login operations and
associating a logged-in user with subsequent requests, and gathering input from a user in
stages (possibly using earlier responses to tailor later questions). However, HTTP is a
stateless protocol, so web servers treat each request independently of any other—unless
you take steps to ensure otherwise.
This chapter shows how to make information persist across multiple requests, which
enables you to develop applications for which one request retains memory of previous
ones. The techniques shown here are general enough to apply to a variety of state-
maintaining web applications.
Session Management Issues
Some session management methods rely on information stored on the client. One way
to implement client-side storage is to use cookies, implemented as information
transmitted back and forth in special request and response headers. When a session begins,
the application generates and sends the client a cookie containing the initial information
to be stored. The client returns the cookie to the server with subsequent requests to
identify itself and enable the application to recognize the requests as stages of the same
client session. At each stage, the application uses the cookie content to determine the
state (or status) of the client. To modify the session state, the application sends the client
a new cookie containing updated information to replace the old cookie. This mechanism
enables data to persist across requests while still affording the application the
 