Session-based Authentication

HTTP is a stateless protocol. This means that each HTTP request is considered an independent request and no information from the previous request is saved. If the application is static and it is available to everyone, then we don’t have any problems. We just need to inform the server which page we want to access, and we will get the result. If the application is dynamic, then we may need to send additional information regarding who is accessing the page.

Let’s say, for example, that we are shopping on Amazon. If we add certain items to our cart, then we should be able to see all the items even after we navigate to a different page. In this case, each time a request is sent to the Amazon server from the client, the client needs to send its identity.

In the below image Jane has sent a request to a web server to add an item to her cart. Jane is sending her credentials along with the request.

Get hands-on with 1400+ tech skills courses.