I was recently digging into cookieless sessions. I came across an article which says that whenever a session is created on the server, its ID is stored in the cookies on the client machine. I was taught in my college that sessions are stored on the server. If the session ID is in cookies, and cookies are stored locally on the client's machine, how can one say that sessions are stored on the server? Is it right that sessions are stored on the server? If yes, then what is the concept of a cookieless session? Can anyone explain it to me?
Session state is (almost always) stored on the server, and it is identified by a random number, the session token.
That token needs to be stored by the client, and sent to the server along with his HTTP requests (so that the server can remember that he has seen him before and associate the session to the request).
Only the session token is stored on the client, and since it is a random number, it does not contain any useful information in itself. It only becomes valuable together with the data stored on the server.
The easiest way to store the token is using cookies. That is what cookies were invented for. Alternatives are handing the cookie back and forth using hidden form variables or as part of the URL.
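The split described in the answer above, as an added example that is not part of the original answer: session data stays in a server-side store, and the client only carries a random token, delivered either in a cookie or in the URL (the cookieless case). The names `SESSIONS`, `sid`, `create_session`, `extract_token` and `load_session` are assumptions chosen for illustration, and the hidden-form-field transport is left out.

```python
import secrets
from http.cookies import SimpleCookie
from urllib.parse import urlsplit, parse_qs

# Server-side store: token -> session data. The data never leaves the server.
SESSIONS = {}

COOKIE_NAME = "sid"  # assumed cookie name
URL_PARAM = "sid"    # assumed query parameter name for cookieless mode


def create_session(data):
    """Create server-side state and return the random token the client must keep."""
    token = secrets.token_urlsafe(32)  # 256 bits from the OS CSPRNG
    SESSIONS[token] = dict(data)
    return token


def extract_token(url, cookie_header=""):
    """Find the token in the Cookie header, else in the URL (cookieless mode)."""
    cookie = SimpleCookie()
    cookie.load(cookie_header)
    if COOKIE_NAME in cookie:
        return cookie[COOKIE_NAME].value, "cookie"
    values = parse_qs(urlsplit(url).query).get(URL_PARAM)
    if values:
        return values[0], "url"
    return None, None


def load_session(url, cookie_header=""):
    """Return the server-side data for a request, or None if the token is unknown."""
    token, _source = extract_token(url, cookie_header)
    if token is None:
        return None
    return SESSIONS.get(token)


if __name__ == "__main__":
    # Constructed sample data: one session, presented over both transports.
    tok = create_session({"user": "alice", "cart": ["book"]})
    print(load_session("/cart", f"{COOKIE_NAME}={tok}"))    # cookie transport
    print(load_session(f"/cart?{URL_PARAM}={tok}"))         # cookieless transport
    print(load_session("/cart", f"{COOKIE_NAME}=guessed"))  # unknown token
```

A token carried in the URL is also written to server logs, browser history and `Referer` headers, so the cookie transport exposes it in fewer places.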