
What is the scope of an HTTP session?

What exactly is the scope of an HTTP session?

I've been googling this but can't seem to get a straight answer. A session is supposed to get cleared out "when a user closes their browser", but that's unclear to me. Does that mean closing the browser window, or quitting the browser application? Does a user with two browser windows open at the same time maintain two different sessions? And are browser tabs always part of the same session?

Yarin asked Jan 17 '12 21:01



3 Answers

This will depend on how you are tracking sessions in your application.

By default they are tracked by HttpOnly cookies. This means that if the user closes the current tab, he doesn't lose the session. If he closes the browser though, he loses the session.

If you use a cookieless mode to track sessions (cookieless="true"), ASP.NET will append a custom token to all URLs, meaning that a user can be logged with 2 different sessions on 2 different tabs of the same browser instance.

Darin Dimitrov answered Oct 01 '22 05:10


The answer to all of your questions is "it depends".

Multiple browser windows can be multiple sessions or they can be the same session. It depends on the browser behavior and how you opened the windows.

In IE, there is a menu option for 'New Window' and one for 'New Session'. The 'New Window' option will keep the same session, the 'New Session' option will open a new window with a different session. You can also get a new session in IE by holding the shift key as you start the browser.

If you have to be sure all sessions are ended, close all browser windows.

BNL answered Oct 01 '22 05:10


Session cookies are usually deleted when the whole browser exits. Since multiple tabs/windows share the same cookies, those tabs/windows will use the same session.

However, an application could also pass the session identifier through the URL. In this case every tab/window would have its own session as long as you don't open it through a link with a valid session id.

ThiefMaster answered Sep 28 '22 05:09
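
The two tracking modes described in the answers above, as an added example that is not part of the original posts: a constructed Python model of cookie-based and URL-based session tracking. The cookie name `sid`, the `sid` query parameter, the `Browser` class and the example URLs are hypothetical, and the cookie attributes shown are an assumed hardened default.

```python
import secrets
from http.cookies import SimpleCookie
from urllib.parse import urlsplit, parse_qs

SESSIONS = {}  # server-side store: session id -> session data

def new_session():
    sid = secrets.token_urlsafe(16)
    SESSIONS[sid] = {}
    return sid

def serve_cookie_mode(cookie_header):
    """Cookie tracking: reuse the id sent in the Cookie header, else issue one."""
    morsel = SimpleCookie(cookie_header or "").get("sid")
    if morsel is not None and morsel.value in SESSIONS:
        return morsel.value, None
    sid = new_session()
    # No Expires/Max-Age attribute, so the browser treats it as a session cookie.
    return sid, f"sid={sid}; Path=/; HttpOnly; Secure; SameSite=Lax"

def serve_url_mode(url):
    """URL tracking: the id travels in the link itself, not in the browser."""
    sid = parse_qs(urlsplit(url).query).get("sid", [None])[0]
    return sid if sid in SESSIONS else new_session()

class Browser:
    """Constructed model: one cookie jar per browser process, shared by all tabs."""
    def __init__(self):
        self.jar = SimpleCookie()

    def open_tab(self):
        # Every tab or window sends the same jar contents to the server.
        header = "; ".join(f"{k}={m.value}" for k, m in self.jar.items())
        sid, set_cookie = serve_cookie_mode(header)
        if set_cookie:
            self.jar.load(set_cookie)
        return sid

    def quit(self):
        # Exiting the whole browser drops cookies without Max-Age/Expires.
        session_only = [n for n, m in self.jar.items()
                        if not (m["max-age"] or m["expires"])]
        for name in session_only:
            del self.jar[name]

if __name__ == "__main__":
    b = Browser()
    print("tabs share a session:", b.open_tab() == b.open_tab())
```

In this model, quitting the browser only makes the client forget the id; the entry stays in `SESSIONS` until the server expires or invalidates it.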