Code design - (Connection|Session)


During the use of a product, a session or connection is an execution context that

In other words, a session represents a sequence of actions that an application can use to maintain the authentication state of a user.



A session can last:

  • either long (e.g., Gmail account)
  • or short (e.g., banking) period of time.

Token / Identifier

To keep track of the actions in a session, an application uses a session token, which is a unique string, generally a nonce.


Data across requests

The primary usage of a session is to hold the navigation context data.

  • You can then preserve data across requests.
  • Sessions are a simple way to store data for individual users against a unique session ID.


It's also a mechanism to trace navigation against an application.

Consumer Analytics - Tracking


At an analytical level, a session is a group of user interactions that take place within a given time frame. See User Analytics - Session (Visit)


Physically, a session is a record with a session id as its identifier.

A session has a validity mechanism. The best known is that after a period of inactivity, the session becomes invalid and is deleted by a garbage-collection mechanism.

The session id is then passed between requests. See web


In the web, the session identifier is stored:

  • or passed via URL query strings (e.g. PHPSESSID). Not secure at all because the URL may leak the session token
    • by copying and pasting the URL link into an email
    • in the web request log.

When the server receives an HTTP request, the server will look up the session information (user, connection time) using the session identifier as a key.


Connections are shared resources and therefore cannot be a component of a release.

See Code Design - Connection Pool
