Couch Sessions - Stateless In Seattle (
Page 2 of 4 )
It's one of the things geeks
say to each other when they want to impress the young women in earshot: "HTTP is
a stateless protocol, and the Internet is a stateless development environment".
In simple language, all this means is that the HyperText Transfer Protocol,
which is the backbone of the Web, is unable to retain a memory of the identity
of each client that connects to a Web site, and therefore treats each request
for a Web page as a unique and independent connection, with no relationship
whatsoever to the connections that preceded it - very similar to the behaviour
of some of today's more adventurous teenagers, who get drunk every night, wake
up the next morning with no memory at all of what happened, and go out again in
the evening to do the same thing all over again...
Now, so long as you're
aimlessly surfing from one site to another, this works without a problem. But
what if you've decided to buy a few books from Amazon.com? In a "stateless
environment", it would be very difficult to keep track of all the items you've
shortlisted for purchase, as the stateless nature of the HTTP protocol would
make it impossible to keep track of the items selected.
Consequently,
what is required is a method that makes it possible to "maintain state",
something that allows client connections to be tracked and connection-specific
data to be maintained. And thus came about "cookies", which allowed Web sites to
store client-specific information in a file on the client system, and access the
information in the file whenever required. So, in the shopping cart example
above, the items selected would be added to the cookie, and would be retrieved
and presented to the customer in a consolidated list during the billing
process.
The only problem with this cookie-based approach is that it is
dependent on the cookie being accepted by the client. And so, another common
approach is the use of a "session" to store specific bits of information when a
client visits a Web site; this session data is preserved for the duration of the
visit, and is usually destroyed on its conclusion. A session can thus be
considered a basket of information which contains a host of variable-value
pairs; these variable-value pairs exist for the duration of the visit, and can
be accessed at any point during it. This approach provides an elegant solution
to the "stateless" nature of the protocol, and is used on many of today's
largest sites to track and maintain information for personal and commercial
transactions.
Every session created is associated with a unique
identification string; this string is sent to the client, while a temporary
entry with the same unique identification number is created on the server,
either in a flat file or in a database. It now becomes possible to register any
number of "session variables" - these are ordinary variables, which can be used
to store textual or numeric information, and can be read from, or written to,
throughout the session.
Now, if you've been following the open source
movement, you already know about PHP, the hottest scripting language on the
planet. The latest release of the language, PHP4, includes support for session
creation and maintenance, and we'll be showing you how to use it over the next
few pages. If you still use PHP3, don't despair - we'll also be covering PHPLIB,
a set of powerful PHP classes which adds seamless session management to
PHP3-based sites.