PRESENTED BY:
DURLABH GIRIPUNJE
AMIT KUMAR SING
SAMIT KUMAR KAPAT
ASHIF KHAN
HTTP Request & Response Cycle
• A protocol which is incapable of remembering the
results and data associated with the transactions it
• The best-known stateless protocol is the
HYPERTEXT TRANSFER PROTOCOL (HTTP).
• A protocol which is able to remember and store
details of the transactions which it governs.
• A good example of such a protocol is the FILE
TRANSFER PROTOCOL (FTP) which, for example,
remembers the identity of the client that is using it to
Advantage & Disadvantage
The stateless design simplifies the server design
because there is no need to dynamically allocate
storage to deal with conversations in progress.
A disadvantage is that it may be necessary to include
additional information in every request and this extra
information will need to be interpreted by the server.
The most interesting pieces of information contained in the
Your IP address and/or that of your HTTP proxy
Which document you requested
Which version of which browser you're using
Which page you came from to get here (if you
followed a link)
Your preferred language(s)
What is Cookie?
It is a piece of text stored by a user's web browser.
- Session Cookies
- Persistent Cookies
Setting a cookie
browser → server
(content of page)
browser ← server
browser → server
Set a cookie
setcookie(name [,value [,expire [,path [,domain [,secure]]]]])
name = cookie name
value = data to store (string)
expire = when the cookie expires. Default is that cookie
expires when browser is closed.
path = Path on the server
domain = Domain for which the cookie is available.
secure = Whether the cookie should be sent over HTTPS connections
only. Default false.
Set-Cookie: name=newvalue; expires=date; path=/; domain=.example.org.
Set-Cookie: RMID=732423sdfs73242; expires=Fri, 31-Dec-2010 23:59:59 GMT; path=/; domain=.example.net
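The header above can be checked mechanically. This added example (not part of the original slides) parses a Set-Cookie value, classifies it as a session or persistent cookie, and reports attribute findings; the finding names and the `HARDENED` sample are constructed for illustration, and `HttpOnly` is a standard cookie attribute that the slides do not cover.

```python
# Added example (not from the slides): audit Set-Cookie header values.

PAGE_EXAMPLE = ("RMID=732423sdfs73242; expires=Fri, 31-Dec-2010 23:59:59 GMT; "
                "path=/; domain=.example.net")                 # value shown on the slide
HARDENED = "SID=constructed-value; Path=/; Secure; HttpOnly"   # constructed sample


def parse_set_cookie(value):
    """Return (name, cookie_value, attrs); attribute names are lower-cased."""
    first, *rest = [part.strip() for part in value.split(";")]
    name, _, cookie_value = first.partition("=")
    attrs = {}
    for part in rest:
        if part:
            key, _, val = part.partition("=")
            attrs[key.strip().lower()] = val.strip()
    return name.strip(), cookie_value.strip(), attrs


def audit(value):
    """Classify the cookie and list the attribute findings a reviewer would flag."""
    name, _, attrs = parse_set_cookie(value)
    # No Expires/Max-Age: the browser drops the cookie when it is closed.
    kind = "persistent" if "expires" in attrs or "max-age" in attrs else "session"
    findings = []
    if "secure" not in attrs:
        findings.append("missing-secure")     # also sent over plain HTTP
    if "httponly" not in attrs:
        findings.append("missing-httponly")   # readable by scripts in the page
    if "domain" in attrs:
        findings.append("domain-wide")        # sent to subdomains as well
    return name, kind, findings


if __name__ == "__main__":
    for sample in (PAGE_EXAMPLE, HARDENED):
        print(audit(sample))
```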
Advantage And Disadvantage of
Acts as your identification card
It maintains the session between the client and
Page will be displayed quickly
Can be used as spyware
Some facts of Cookie…
Each cookie on the user’s computer is connected to a
Each cookie can be used to store up to 4 kB of data.
A maximum of 20 cookies can be stored on a user’s
PC per domain.
Browsers are preprogrammed to allow a total of 300
cookies, after which cookies are deleted automatically based on
expiry date and usage.
In computer science, in particular networking, a session is a
semi-permanent interactive information interchange.
It is also known as:
Conversation or meeting.
A session is between:
Two or more communicating devices
A computer and user
A session may be implemented as part of protocols and services at the
Ex.: HTTP sessions, TELNET remote login sessions
A session initiation protocol based internet phone call
A TCP session, which is synonymous with a TCP connection or established
Types of session
Session implemented using software
TCP sessions are typically implemented in software using
A new process or thread is created when the computer establishes or
joins a Session.
The advantage with multiple processes or threads is relaxed
complexity of the software, since each thread is an instance with its
own history and encapsulated variables.
The disadvantage is large overhead in terms of system resources, and
that the session may be interrupted if the system is restarted.
Server side web sessions
Server-side sessions are handy and efficient, but can become difficult to
handle in conjunction with load-balancing/high-availability systems and
are not usable at all in embedded systems with no storage.
The load-balancing problem can be solved by using shared storage.
A method of using server-side sessions in systems without mass-storage
is to reserve a portion of RAM for storage of session data.
This method is applicable for servers with a limited number of clients
(e.g. router or access point with infrequent or disallowed access to more
than one client at a time).
Client side web sessions
state without storing as much data on the server.
When presenting a dynamic web page, the server sends the current state data
to the client (web browser) in the form of a cookie.
The client saves the cookie in memory or on disk.
With each successive request, the client sends the cookie back to the server,
and the server uses the data to "remember" the state of the application for that
specific client and generate an appropriate response.
To improve efficiency and allow for more session data, the server may
compress the data before creating the cookie, decompressing it later when the
cookie is returned by the client.
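Because a client-side session cookie is stored and returned by the browser, the server has to detect changes made to it on the client. This added example (not part of the original slides) compresses the state as described above and attaches an HMAC tag, which is an assumption beyond what the slides state; `SERVER_KEY`, the function names and the sample state are constructed.

```python
# Added example (not from the slides): compressed, integrity-protected state cookie.
import base64
import hashlib
import hmac
import json
import zlib

SERVER_KEY = b"constructed-demo-key"   # assumption: a secret that never leaves the server
MAX_COOKIE = 4096                      # the 4 kB per-cookie limit mentioned earlier


def b64e(data):
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def b64d(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def encode_state(state, key=SERVER_KEY):
    """Serialize, compress and sign the state; the result is the cookie value."""
    payload = zlib.compress(json.dumps(state, sort_keys=True).encode())
    tag = hmac.new(key, payload, hashlib.sha256).digest()
    return b64e(payload) + "." + b64e(tag)


def decode_state(cookie_value, key=SERVER_KEY):
    """Return the state dict, or None if the cookie is malformed or was modified."""
    if len(cookie_value) > MAX_COOKIE:
        return None
    try:
        body, tag = cookie_value.split(".")
        payload, given = b64d(body), b64d(tag)
    except ValueError:                  # wrong shape or invalid base64
        return None
    expected = hmac.new(key, payload, hashlib.sha256).digest()
    # Verify before decompressing so unauthenticated bytes never reach zlib.
    if not hmac.compare_digest(given, expected):
        return None
    return json.loads(zlib.decompress(payload))


if __name__ == "__main__":
    cookie = encode_state({"user": "alice", "cart": [1, 2, 3]})
    print(cookie, decode_state(cookie))
```

The tag only protects integrity: the payload is compressed, not encrypted, so the user can still read everything placed in the cookie.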
A session token is a unique identifier that is generated and sent from
a server to a client to identify the current interaction session.
The client usually stores and sends the token as an HTTP cookie and/or
sends it as a parameter in GET or POST queries.
The reason to use session tokens is that the client only has to handle the
identifier—all session data is stored on the server (usually in a database, to
which the client does not have direct access) linked to that identifier.
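The session-token model described above, as an added example that is not part of the original slides: the server keeps the data and the client only ever holds an unpredictable identifier. The class name, the cookie name `SID`, the in-memory dictionary standing in for the database and the `now` parameter (used to make expiry testable) are all assumptions of this sketch.

```python
# Added example (not from the slides): server-side sessions keyed by a random token.
import secrets
import time
from http.cookies import CookieError, SimpleCookie


class SessionStore:
    def __init__(self, ttl_seconds=1800):
        self.ttl = ttl_seconds
        self.rows = {}                  # token -> (expires_at, data); stands in for the database

    def create(self, data, now=None):
        """Store the data server-side and return the token to hand to the client."""
        now = time.time() if now is None else now
        token = secrets.token_urlsafe(32)   # 256 bits from the OS CSPRNG, not derived from data
        self.rows[token] = (now + self.ttl, dict(data))
        return token

    def load(self, cookie_header, now=None):
        """Resolve a request's Cookie header to session data, or None."""
        now = time.time() if now is None else now
        jar = SimpleCookie()
        try:
            jar.load(cookie_header)
        except CookieError:
            return None
        morsel = jar.get("SID")
        row = self.rows.get(morsel.value) if morsel else None
        if row is None:
            return None                 # unknown or guessed token
        if row[0] <= now:
            del self.rows[morsel.value] # expired: remove it so it cannot be replayed
            return None
        return row[1]


def set_cookie_header(token):
    """Build the Set-Cookie value that delivers the token to the browser."""
    cookie = SimpleCookie()
    cookie["SID"] = token
    cookie["SID"]["path"] = "/"
    cookie["SID"]["secure"] = True
    cookie["SID"]["httponly"] = True
    return cookie["SID"].OutputString()
```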