
Cookies and sessions

HTTP is stateless and almost unidirectional. Web applications, on the other hand, need to keep state.

Cookies are client-side information storage, a reliable mechanism for keeping stateful information.

Cookies are used for session creation:

Issues with cookies and sessions

  • Concurrency: what if two clients access the site simultaneously?
  • Session termination: when and how to terminate sessions?
  • Data storage on the server side
  • The token must be unpredictable
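
The sketch below is an added example, not code from the original page. It shows one way to address the four issues listed above in a single-process, in-memory store. The names `SessionStore` and `session_cookie`, the cookie name `sid` and the timeout values are assumptions chosen for illustration.

```python
import secrets
import threading
import time


class SessionStore:
    """In-memory server-side session store (illustrative, single process)."""

    def __init__(self, idle_timeout=900, absolute_timeout=8 * 3600, clock=time.monotonic):
        self._sessions = {}            # token -> {"data", "created", "last_seen"}
        self._lock = threading.Lock()  # serialises concurrent requests
        self._idle = idle_timeout
        self._absolute = absolute_timeout
        self._clock = clock

    def create(self, data):
        # 32 bytes from the OS CSPRNG: the token cannot be guessed or enumerated.
        token = secrets.token_urlsafe(32)
        now = self._clock()
        with self._lock:
            self._sessions[token] = {"data": dict(data), "created": now, "last_seen": now}
        return token

    def get(self, token):
        """Return a copy of the session data, or None if unknown or expired."""
        now = self._clock()
        with self._lock:
            s = self._sessions.get(token)
            if s is None:
                return None
            if now - s["last_seen"] > self._idle or now - s["created"] > self._absolute:
                del self._sessions[token]   # expired: terminate on the server side
                return None
            s["last_seen"] = now            # activity resets the idle timer only
            return dict(s["data"])

    def destroy(self, token):
        """Explicit logout: the token stops working even if the cookie survives."""
        with self._lock:
            return self._sessions.pop(token, None) is not None


def session_cookie(token):
    # Only the opaque token goes to the client; the data stays on the server.
    return f"Set-Cookie: sid={token}; Path=/; HttpOnly; Secure; SameSite=Lax"
```

A multi-process deployment would replace the dictionary and lock with a shared store that offers atomic operations; the expiry and token-generation logic stays the same.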