Code design - (Connection|Session)


During the use of a product, a session or connection is a execution context that

In other word, a session represents a sequence of action that an application can use to maintain authentication state of a user.



A session can last:

  • either long (e.g., Gmail account)
  • or short (e.g., banking) period of time.

Token / Identifier

To keep track of the action in a session, an application uses a session token, which is a unique string, generally a nonce.

It's physically stored in a record and known as the session id for session identifier

The session id can be then passed between request. See web


Data across request

The primary usage of a session is to hold the navigation context data.

  • You can then preserve data across request.
  • They are a simple way to store data for individual users against a unique session ID


It's also a mechanism to trace navigation against an application.

Consumer Analytics - Tracking


A session on a analytical level is a group of user interactions that take place within a given time frame. See User Analytics - Session (Visit)


A session has a validity mechanism. The most known is that after a period of time of inactivity, the session becomes invalid and is deleted by a garbage mechanism.


You will find this concept in all OSI layer

Network / IP



In the web, the session identifier is stored:

  • or passed via URL querys (e.g. PHPSESSID). Not secure at all because URL may leak the session token
    • by copying and pasting the URL link into an email
    • in the web request log.

When the server receives an HTTP request, the server will look up the session information (user, connection time) using the session identifier as a key.


When you are making a connection with a database, you are just creating a session.

The session/connection information are stored in a table.


Connection are shared resource and therefore can not be a component of a release.

See Code Design - Connection Pool

Powered by ComboStrap