Questions tagged [session]

A session refers to the communication between a single client and a server. A session is specific to the user and for each user a new session is created to track all the requests from that user.

From Wikipedia:

A session is a semi-permanent interactive information interchange, also known as a dialogue, a conversation or a meeting, between two or more communicating devices, or between a computer and user (see Login session). A session is set up or established at a certain point in time, and torn down at a later point in time. An established communication session may involve more than one message in each direction. A session is typically, but not always, stateful, meaning that at least one of the communicating parts needs to save information about the session history in order to be able to communicate, as opposed to stateless communication, where the communication consists of independent requests with responses.

An established session is the basic requirement to perform a connection-oriented communication. A session also is the basic step to transmit in connectionless communication modes. However any unidirectional transmission does not define a session.

44567 questions
161
votes
4 answers

What does passport.session() middleware do?

I am building an authentication system using Passport.js using Easy Node Authentication: Setup and Local tutorial. I am confused about what passport.session() does. After playing around with the different middleware I came to understand that…
Georges Krinker
157
votes
9 answers

Differences between cookies and sessions?

I am training in web development and am learning about JSP & Servlets. I have some knowledge of HttpSession - I have used it in some of my sample projects. In browsers I have seen the option to "delete cookies". If I delete the cookies it deletes…
blacktiger
157
votes
19 answers

In Laravel, the best way to pass different types of flash messages in the session

I'm making my first app in Laravel and am trying to get my head around the session flash messages. As far as I'm aware in my controller action I can set a flash message either by going Redirect::to('users/login')->with('message', 'Thanks for…
harryg
149
votes
14 answers

ASP.NET: Session.SessionID changes between requests

Why does the property SessionID on the Session-object in an ASP.NET-page change between requests? I have a page like this: ...
SessionID: <%= SessionID %>
... And the output keeps changing every time I hit F5, independent of…
Seb Nilsson
148
votes
5 answers

PHP Session Fixation / Hijacking

I'm trying to understand more about PHP Session Fixation and hijacking and how to prevent these problems. I've been reading the following two articles on Chris Shiflett's website: "Session Fixation" and "Session Hijacking". However, I'm not sure I'm…
me2
147
votes
4 answers

How do PHP sessions work? (not "how are they used?")

Session files are usually stored in, say, /tmp/ on the server, and named sess_{session_id}. I have been looking at the contents and cannot figure out how they really work. Fetching the variable name and content from the file is easy. But how does…
Christoffer
146
votes
5 answers

How to empty/destroy a session in rails?

I can't seem to find it anywhere... How do I delete/destroy/reset/empty/clear a user's session in Rails? Not just one value but the whole thing..
tybro0103
141
votes
7 answers

Difference between session affinity and sticky session?

What is the difference between session affinity and sticky session in context of load balancing servers?
user32262
137
votes
5 answers

What should I do if the current ASP.NET session is null?

In my web application, I do something like this to read the session variables: if (HttpContext.Current.Session != null && HttpContext.Current.Session["MyVariable"] != null) { string myVariable=…
Anthony
135
votes
14 answers

What is the best way to prevent session hijacking?

Specifically this is regarding when using a client session cookie to identify a session on the server. Is the best answer to use SSL/HTTPS encryption for the entire web site, and you have the best guarantee that no man in the middle attacks will be…
Adam
129
votes
1 answer

"Cannot send session cache limiter - headers already sent"

Having a problem with sessions which is becoming very annoying. Every time I try to start a session on a particular page I get the following error: Warning: session_start() [function.session-start]: Cannot send session cache limiter - headers…
user1039878
129
votes
3 answers

What is the session's "secret" option?

I don't know anything about cryptography. I'm wondering what the session secret is. I see code like this: app.use(express.session({ store: mongoStore({ url: app.set('db-uri') }), secret: 'topsecret' })); What is the secret and should I…
Harry
128
votes
1 answer

What is the best way to clear a session variable in rails?

session[:message] = nil Is this the best way to destroy a session variable? Note: I don't want to clear all the session variables like reset_session does.
Mohit Jain
125
votes
4 answers

How to properly add cross-site request forgery (CSRF) token using PHP

I am trying to add some security to the forms on my website. One of the forms uses AJAX and the other is a straightforward "contact us" form. I'm trying to add a CSRF token. The problem I'm having is that the token is only showing up in the HTML…
Ken
124
votes
10 answers

Keeping ASP.NET Session Open / Alive

Which is the easiest and most unobtrusive way to keep an ASP.NET session alive as long as the user has the browser window open? Is it timed AJAX calls? I want to prevent the following: sometimes users keep their window open for a long time, then…
Alex