HTTP Session

Learn what HTTP sessions are and how they maintain state across stateless HTTP requests. Understand session cookies, tokens, and server-side storage.

TL;DR: A way to maintain state across multiple HTTP requests from the same user. Makes stateless HTTP feel stateful for login, shopping carts, and personalization.

An HTTP session is a way to remember information about a user across multiple requests. Since HTTP is stateless (each request is independent), sessions provide a mechanism to maintain continuity between interactions.

Think of a session like a conversation with a friend: even though you pause between sentences, the context continues. Without sessions, every HTTP request would be like talking to someone with amnesia.

Sessions typically work like this:

  • Server creates session: When you first visit or log in, the server creates a unique session ID
  • Browser stores ID: This ID is stored in a cookie and sent with every request
  • Server retrieves data: The server uses the session ID to retrieve your stored information

Common session data includes:

  • Authentication state: Whether you’re logged in and who you are
  • User preferences: Language, theme, or display settings
  • Temporary data: Shopping cart items, form progress, or wizard steps
  • Security tokens: CSRF tokens or other security information

Sessions are essential for creating personalized web experiences. Without them, you’d have to log in again for every page, and shopping carts couldn’t exist.

Examples:

  • Shopping cart: Adding items across multiple pages before checkout
  • Login state: Staying logged in as you navigate different pages
  • Multi-step forms: Remembering answers from previous steps in a wizard

Related terms: HTTP Cookie, HTTP Request, HTTP Response

Frequently Asked Questions

What is an HTTP session?

A session is a way to maintain state across multiple HTTP requests. Since HTTP is stateless, sessions use cookies or tokens to identify returning users.

How do sessions work?

The server creates a unique session ID, stores it in a cookie, and keeps session data server-side. Each request includes the cookie, letting the server retrieve user state.

What is a session cookie?

A session cookie stores the session ID and expires when the browser closes. It has no Expires or Max-Age attribute, making it temporary.

How do I secure sessions?

Use HTTPS, set the HttpOnly and Secure cookie flags, regenerate the session ID after login, set appropriate timeouts, and validate the session on each request.
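
The session lifecycle and the hardening steps above, as an added example (not code from this page or from any particular framework). The SessionStore class, the 15-minute IDLE_TIMEOUT, and the cookie name sid are assumptions made for this sketch.

```python
import secrets
import time

IDLE_TIMEOUT = 15 * 60  # seconds; assumed value for this sketch


class SessionStore:
    """In-memory server-side session store (hypothetical, for illustration)."""

    def __init__(self, clock=time.time):
        self._sessions = {}  # session ID -> {"data": dict, "last_seen": float}
        self._clock = clock  # injectable clock so expiry can be exercised

    def create(self, data=None):
        # 256 bits from the OS CSPRNG: the ID must be unguessable.
        sid = secrets.token_urlsafe(32)
        self._sessions[sid] = {"data": dict(data or {}), "last_seen": self._clock()}
        return sid

    def get(self, sid):
        """Validate the ID on every request; return session data or None."""
        entry = self._sessions.get(sid)
        if entry is None:
            return None  # unknown ID: never create a session from a client-supplied value
        if self._clock() - entry["last_seen"] > IDLE_TIMEOUT:
            del self._sessions[sid]  # idle too long: drop the server-side state too
            return None
        entry["last_seen"] = self._clock()
        return entry["data"]

    def login(self, old_sid, user):
        """Regenerate the ID at login so a pre-login ID cannot be reused."""
        data = self.get(old_sid) or {}
        self._sessions.pop(old_sid, None)  # invalidate the old ID
        data["user"] = user
        return self.create(data)

    def destroy(self, sid):
        # Logout removes the server-side record, not just the cookie.
        self._sessions.pop(sid, None)


def session_cookie(sid):
    # No Expires or Max-Age, so the browser treats it as a session cookie.
    # Secure: sent over HTTPS only. HttpOnly: not readable from page scripts.
    return f"Set-Cookie: sid={sid}; Path=/; Secure; HttpOnly"
```

The cookie carries only the random ID; the cart, login state, and other session data stay on the server, keyed by that ID.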
