Bummer! This is just a preview. You need to be signed in with a Basic account to view the entire video.

Preview

Start a free Basic trial
to watch this video

Sign up for Treehouse

Tracking Visits With Sessions and Cookies

2:22 with Dave McFarland and Jonathan Foster

HTTP's stateless protocol means web servers don't normally keep track of visitors as they move from page to page in a site...without a little help, that is. Sessions and cookies provide an important method for keeping track of user information as they visit your site. Learn more about these important web server technology.

New Terms

  • Session — Information pertaining to a specific user of a website
  • Cookie — File managed by the web browser that can save information from a website
  • 0:00

    HTTP is called a stateless protocol.

  • 0:03

    This means that web servers don't normally keep track of who's visiting

  • 0:07

    each page on a site.

  • 0:08

    Servers also don't keep track of visitors as they click from page to page.

  • 0:13

    For example, say I visited a site's home page, then I visited the contact page,

  • 0:19

    the server doesn't keep track of that progress and

  • 0:21

    doesn't know that I was just on the home page.

  • 0:25

    For an authentication system, that's a big problem.

  • 0:28

    Say I log in to a site using a log in form, then try to visit my profile page.

  • 0:32

    If the server doesn't know that I'm the same person who just logged in, it won't

  • 0:37

    know who's visiting the profile page and won't show me any information for me.

  • 0:42

    In order for authentication to work,

  • 0:44

    servers need a way to keep track of users as they move from page to page.

  • 0:48

    That's where sessions come in.

  • 0:50

    A session represents one visit by one browser to a website.

  • 0:54

    With a little programming, a server can create what's called a session ID when

  • 0:59

    a visitor logs into the site.

  • 1:00

    The session ID identifies that browser and usually lasts a set period of time.

  • 1:06

    After that time, the session is destroyed and the visitors forgotten.

  • 1:10

    Most importantly, the server can save information along with the session ID.

  • 1:15

    For example the server could save the user ID for a logged in user, or the last five

  • 1:20

    pages the user visited, or the items they've added to their shopping cart.

  • 1:25

    Here's how sessions will work in our app.

  • 1:27

    When the user logs into the site,

  • 1:29

    the server creates a session containing a session ID and the user's ID.

  • 1:34

    For security, all information in the session is stored on the server.

  • 1:38

    However, in order for

  • 1:39

    the browser to identify itself, we also need to use cookies.

  • 1:44

    A cookie is a key value pair managed by your web browser.

  • 1:48

    It can store any information that the website wishes to save.

  • 1:51

    A server can create, modify, delete, or read from a cookie.

  • 1:55

    In this case, the server will create a cookie in the visitor's browser

  • 1:59

    with only the user's session ID.

  • 2:01

    As the logged in visitor travels from page to page, the server reads the cookie,

  • 2:06

    gets the session ID, and then looks at the user ID associated with that session.

  • 2:12

    This will be easier to understand when we start coding this

  • 2:15

    functionality into the project.

  • 2:17

    So in the next video, I'll show you how to work with sessions, and

  • 2:20

    cookies in Express.

You need to sign up for Treehouse in order to download course files.

Sign up