Cookies and sessions
Updated Jun 17, 2022
HTTP is stateless and almost unidirectional. Web applications, on the other hand, need to keep state.
Cookies are client-side information storage, a reliable mechanism for keeping stateful information.
Cookies are used for session creation:

The cookie will also be used for session identification.
Issues with cookies and sessions
- Concurrency: what if two clients access the site simultaneously?
- Session termination: when and how to terminate sessions?
- Data storage on the server side
- The token must be unpredictable
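
A minimal server-side session store that addresses the four issues listed above: locking for concurrent clients, termination by logout and idle timeout, data kept on the server, and a token drawn from a CSPRNG. This is an added example, not part of the original notes; the names `SessionStore` and `set_cookie_header`, the 30-minute timeout, the cookie name `sid` and the cookie attributes are assumptions.

```python
import secrets
import threading
import time


class SessionStore:
    """Server-side session table keyed by an unpredictable token (hypothetical name)."""

    def __init__(self, idle_timeout=1800, clock=time.monotonic):
        self._idle_timeout = idle_timeout   # assumed value: 30 minutes
        self._clock = clock                 # injectable so expiry can be tested
        self._lock = threading.Lock()       # concurrency: serialize table access
        self._sessions = {}                 # token -> (last_seen, data)

    def create(self, data):
        # Unpredictable token: 32 bytes from the OS CSPRNG, URL-safe encoded.
        token = secrets.token_urlsafe(32)
        with self._lock:
            self._sessions[token] = (self._clock(), dict(data))
        return token

    def get(self, token):
        """Return session data, or None if the token is unknown or expired."""
        with self._lock:
            entry = self._sessions.get(token)
            if entry is None:
                return None
            last_seen, data = entry
            now = self._clock()
            if now - last_seen > self._idle_timeout:
                del self._sessions[token]        # termination by idle timeout
                return None
            self._sessions[token] = (now, data)  # sliding expiry on each use
            return dict(data)

    def destroy(self, token):
        # Termination on logout: the server forgets the token.
        with self._lock:
            return self._sessions.pop(token, None) is not None


def set_cookie_header(token):
    # The cookie carries only the identifier; the attributes are an assumption.
    return f"Set-Cookie: sid={token}; HttpOnly; Secure; SameSite=Lax; Path=/"
```

Only the identifier travels in the cookie, so a logout or timeout takes effect on the server even if the client keeps sending the old value.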