About
During the use of a product, a session or connection is an execution context that
- holds identification data (if any)
- and groups actions (such as interactions or transactions)
- that take place within a given time frame from one client.
In other words, a session represents a sequence of actions that an application can use to maintain the authentication state of a user.
Property
Period
A session can last for:
- either a long (e.g., Gmail account)
- or a short (e.g., banking) period of time.
Token / Identifier
To keep track of the actions in a session, an application uses a session token, which is a unique string, generally a nonce.
It is physically stored in a record and is known as the session id (session identifier).
The session id can then be passed between requests. See Web.
Usage
Data across requests
The primary usage of a session is to hold the navigation context data.
- You can then preserve data across requests.
- Sessions are a simple way to store data for individual users against a unique session ID.
Tracking
It's also a mechanism to trace navigation against an application.
Analytics
At the analytical level, a session is a group of user interactions that take place within a given time frame. See User Analytics - Session (Visit)
Validity
A session has a validity mechanism. The best known one is the inactivity timeout: after a period of inactivity, the session becomes invalid and is deleted by a garbage mechanism.
Implementation
You will find this concept in all OSI layers.
Network / IP
Application
Web
On the web, the session identifier is stored:
- in a session cookie,
- or passed via a URL query parameter (e.g. PHPSESSID). This is not secure at all because the URL may leak the session token:
  - by copying and pasting the URL link into an email
  - in the web request log.
When the server receives an HTTP request, the server will look up the session information (user, connection time) using the session identifier as a key.
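The lookup described above, combined with the inactivity timeout from the Validity section, as an added example that is not part of the original page. The `SessionStore` class, the cookie name `session_id` and the 900-second timeout are assumptions chosen for illustration.

```python
import secrets
import time
from http.cookies import SimpleCookie

COOKIE_NAME = "session_id"  # assumed cookie name


class SessionStore:
    """In-memory table of session records keyed by session id."""

    def __init__(self, idle_timeout=900, clock=time.monotonic):
        self._records = {}                 # session id -> record
        self._idle_timeout = idle_timeout  # seconds of allowed inactivity (assumed)
        self._clock = clock                # injectable so expiry can be tested

    def create(self, user):
        sid = secrets.token_urlsafe(32)    # 256 bits from the OS CSPRNG
        now = self._clock()
        self._records[sid] = {"user": user, "connected": now, "last_seen": now}
        return sid

    def _expired(self, record, now):
        return now - record["last_seen"] > self._idle_timeout

    def lookup(self, cookie_header):
        """Resolve a request's Cookie header to a live record, or None."""
        cookie = SimpleCookie()
        cookie.load(cookie_header or "")
        morsel = cookie.get(COOKIE_NAME)
        record = self._records.get(morsel.value) if morsel else None
        if record is None:
            return None
        now = self._clock()
        if self._expired(record, now):
            del self._records[morsel.value]  # invalid after inactivity
            return None
        record["last_seen"] = now            # activity resets the idle timer
        return record

    def collect_garbage(self):
        """Delete every expired record; return how many were removed."""
        now = self._clock()
        dead = [s for s, r in self._records.items() if self._expired(r, now)]
        for sid in dead:
            del self._records[sid]
        return len(dead)
```

An unknown or expired identifier resolves to `None`, so the request is treated as having no session.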
Database
When you are making a connection with a database, you are just creating a session.
The session/connection information is stored in a table.
Pool
Connections are a shared resource and therefore cannot be a component of a release.