What is session tracking?

Session tracking (for those who haven't heard of it) is a concept which allows you to maintain a relation between 2 successive requests made to a server on the Internet. Whenever a user browses any website, he uses HTTP (the underlying protocol) for all the data transfers taking place. This ofcourse is not important to the user. But it is for you as a programmer. HTTP is a stateless protocol. When a user requests for a page the server returns that web page to the user. When the user once again clicks on a new link the server once again sends the new page that was requested. The server (because of the use of HTTP as the underlying protocol) has no idea that these 2 successive requests have come from the same user. The server is not at all bothered about who is asking for the pages. All it does it return the page that has been requested. This is exactly what stateless means. There is no connection between 2 successive requests on the Internet.

What does HTTP being stateless have to do with session tracking?

There are many instances where some sort of connection is required between 2 requests made by a user. And since all transfers on the WWW use HTTP at the lowest level this sort of connection cannot be made. For example if you are at a website buying books online, then you may add books to your Cart and continue searching for more books. Every time you click on a new page your old selected books in the Cart should not disappear. In case you use the default way the WWW works, then since 2 successive request (by the same user) have no connection, there would be no books in your Cart every time you click on a new link. I mean every click would be considered as a separate request and no having no relation to previous request. Thus as you browse, all the information that relates to you should be maintained and should be carried on as you browse more and more. Your previous Shopping Cart contents should be present when you want to add a new book to the Cart. This is what session tracking enables you to do. It lets you maintain a active session as long as you are browsing. And it gives HTTP a sort of new quality with every successive request having some relation to previous requests within the same session.

Session tracking is so common that you may not even realise that it is present. You might be used to it. It is used on almost every possible site you visit on the net. For example at Hotmail once you enter your username-pass and you reach your inbox, had there been no session tracking then every time you click on a particular link in your inbox, you would be asked for your password. This would be the case since there would be no way to understand that the one who had originally entered his username-password is the same person who is currently asking for more pages. Session tracking allows you to store the information that you have successfully logged in and this information would be checked every time you do any thing within your inbox. Thus you would not be asked to enter your password with every click. I can give you thousands of examples where session tracking is used, but I guess you have got the point.

Now lets begin with the actual way to implement session tracking. I shall explain 2 ways to implement session tracking

1. Hidden Fields In Forms
2. URL Rewriting

Also I conclude the article with a few lines on cookies which is also used for session tracking.