Code design - (Connection|Session)

About

During the use of a product, a session or connection is a execution context that

In other word, a session represents a sequence of action that an application can use to maintain authentication state of a user.

Property

Period

A session can last:

  • either long (e.g., Gmail account)
  • or short (e.g., banking) period of time.

Token / Identifier

To keep track of the action in a session, an application uses a session token, which is a unique string, generally a nonce.

Usage

Data across request

The primary usage of a session is to hold the navigation context data.

  • You can then preserve data across request.
  • They are a simple way to store data for individual users against a unique session ID

Tracking

It's also a mechanism to trace navigation against an application.

Consumer Analytics - Tracking

Analytics

A session on a analytical level is a group of user interactions that take place within a given time frame. See User Analytics - Session (Visit)

Implementation

It's physically a record with a session id as identifier

A session has a validity mechanism. The most known is that after a period of time of inactivity, the session becomes invalid and is deleted by a garbage mechanism.

The session id is then passed between request. See web

Web

In the web, the session identifier is stored:

  • or passed via URL querys (e.g. PHPSESSID). Not secure at all because URL may leak the session token
    • by copying and pasting the URL link into an email
    • in the web request log.

When the server receives an HTTP request, the server will look up the session information (user, connection time) using the session identifier as a key.

Pool

Connection are shared resource and therefore can not be a component of a release.

See Code Design - Connection Pool


Powered by ComboStrap