Session management

In human-computer interaction, session management is the process of keeping track of a user's activity across sessions of interaction with the computer system.

Typical session management tasks in a desktop environment might include keeping track of which applications are open and which documents each application has opened, so that the same state can be restored when the user logs out and logs in later. For a website, session management might involve requiring the user to re-login if the session has expired (i.e., a certain time limit has passed without user activity).

Desktop session management

A full description of Session Management under X Window-based systems is on the X session manager page.

Browser session management

Session management is particularly useful in a web browser where a user can save all open pages and settings and restore them at a later date. To help recover from a system or application crash, pages and settings can also be restored on next run. OmniWeb and Opera are examples of web browsers that support session management. Other modern browsers such as Mozilla Firefox support session management through third-party plugins or extensions. Session management is often managed through the application of cookies.

Web server session management

Hypertext Transfer Protocol (HTTP) is stateless: a client computer running a web browser must establish a new Transmission Control Protocol (TCP) network connection to the web server with each new HTTP GET or POST request. The web server, therefore, cannot rely on an established TCP network connection for longer than a single HTTP GET or POST operation. Session management is the technique used by the web developer to make the stateless HTTP protocol support session state. For example, once a user has authenticated herself to the web server, her next HTTP request (GET or POST) should not cause the web server to ask her for her account and password again. For a discussion of the methods used to accomplish this please see HTTP cookie.

The session information is stored on the web server using the session identifier (session ID) generated as a result of the first (sometimes the first authenticated) request from the end user running a web browser. The "storage" of session IDs and the associated session data (user name, account number, etc.) on the web server is accomplished using a variety of techniques including, but not limited to: local memory, flat files, and databases.
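The following is an added example, not code from the original article, of the server-side session store just described: the session ID is an unguessable random token issued after authentication, all session data stays on the server keyed by that ID, and the idle timeout from the introduction forces a new login once it lapses. It goes slightly beyond the text by also reissuing the ID at authentication; the class name, the in-memory store and the 30-minute timeout are assumptions.

```python
import secrets
import time

# Assumed idle limit: seconds without activity before re-login is required.
IDLE_TIMEOUT = 30 * 60


class SessionStore:
    """Minimal server-side session store (the "local memory" option above)."""

    def __init__(self, idle_timeout=IDLE_TIMEOUT, clock=time.time):
        self._sessions = {}          # session_id -> {"data": {...}, "last_seen": float}
        self._idle_timeout = idle_timeout
        self._clock = clock          # injectable clock so expiry can be tested offline

    def create(self, data):
        """Start a session after successful authentication and return its ID.
        32 random bytes (256 bits) make the ID infeasible to guess or enumerate."""
        session_id = secrets.token_urlsafe(32)
        self._sessions[session_id] = {"data": dict(data), "last_seen": self._clock()}
        return session_id

    def get(self, session_id):
        """Return the data for a valid, unexpired ID, else None.
        An expired session is dropped, so the user must authenticate again."""
        entry = self._sessions.get(session_id)
        if entry is None:
            return None
        now = self._clock()
        if now - entry["last_seen"] > self._idle_timeout:
            del self._sessions[session_id]
            return None
        entry["last_seen"] = now     # sliding expiry: activity keeps the session alive
        return entry["data"]

    def rotate(self, session_id):
        """Issue a fresh ID for an existing session (e.g. right after login),
        keeping the data but making the old ID useless."""
        entry = self._sessions.pop(session_id, None)
        if entry is None:
            return None
        new_id = secrets.token_urlsafe(32)
        self._sessions[new_id] = entry
        return new_id

    def destroy(self, session_id):
        """Logout: remove the server-side state behind the ID."""
        self._sessions.pop(session_id, None)
```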

In situations where multiple web servers must share knowledge of session state (as is typical in a cluster environment—see computer cluster) session information must be shared between the cluster nodes that are running web server software. Methods for sharing session state between nodes in a cluster include: multicasting session information to member nodes (see JGROUPS for one example of this technique), sharing session information with a partner node (using any of a variety of methods of shared memory), sharing session information between nodes using network sockets, storing session information on a shared file system such as the network file system or the global file system, or storing the session information outside the cluster in a database. If session information is considered transient, volatile data that is not required for non-repudiation of transactions and doesn't contain data that is subject to compliance auditing (in the U.S. for example, see the Health Insurance Portability and Accountability Act and the Sarbanes-Oxley Act for examples of two laws that necessitate compliance auditing) then any method of storing session information can be used. However, if session information is subject to audit compliance, consideration should be given to the method used for session storage, replication, and clustering.

In a service-oriented architecture, Simple Object Access Protocol (SOAP) messages, constructed in Extensible Markup Language (XML), can be used by consumer applications to cause web servers to create sessions.



Wikimedia Foundation. 2010.
