HTTP is a stateless protocol, which means web servers don't normally keep track of visitors as they move from page to page in a site... without a little help, that is. Sessions and cookies provide an important method for keeping track of users' information as they visit your site. Learn more about these important web server technologies.
New Terms
- Session — Information pertaining to a specific user of a website
- Cookie — File managed by the web browser that can save information from a website
HTTP is called a stateless protocol.
0:00
This means that web servers don't
normally keep track of who's visiting
0:03
each page on a site.
0:07
Servers also don't keep track of visitors
as they click from page to page.
0:08
For example, say I visited a site's home
page, then I visited the contact page,
0:13
the server doesn't keep
track of that progress and
0:19
doesn't know that I was
just on the home page.
0:21
For an authentication system,
that's a big problem.
0:25
Say I log in to a site using a login
form, then try to visit my profile page.
0:28
If the server doesn't know that I'm the
same person who just logged in, it won't
0:32
know who's visiting the profile page and
won't show me any information for me.
0:37
In order for authentication to work,
0:42
servers need a way to keep track of
users as they move from page to page.
0:44
That's where sessions come in.
0:48
A session represents one visit
by one browser to a website.
0:50
With a little programming, a server can
create what's called a session ID when
0:54
a visitor logs into the site.
0:59
The session ID identifies that browser and
usually lasts a set period of time.
1:00
After that time, the session is
destroyed and the visitor's forgotten.
1:06
Most importantly, the server can save
information along with the session ID.
1:10
For example, the server could save the user
ID for a logged-in user, or the last five
1:15
pages the user visited, or the items
they've added to their shopping cart.
1:20
Here's how sessions will work in our app.
1:25
When the user logs into the site,
1:27
the server creates a session containing
a session ID and the user's ID.
1:29
For security, all information in
the session is stored on the server.
1:34
However, in order for
1:38
the browser to identify itself,
we also need to use cookies.
1:39
A cookie is a key value pair
managed by your web browser.
1:44
It can store any information
that the website wishes to save.
1:48
A server can create, modify,
delete, or read from a cookie.
1:51
In this case, the server will create
a cookie in the visitor's browser
1:55
with only the user's session ID.
1:59
As the logged-in visitor travels from page
to page, the server reads the cookie,
2:01
gets the session ID, and then looks at
the user ID associated with that session.
2:06
This will be easier to understand
when we start coding this
2:12
functionality into the project.
2:15
So in the next video, I'll show
you how to work with sessions and
2:17
cookies in Express.
2:20