posted on 3:26 PM, July 12, 2009
A session is a hash of keys/values that is persistent between web site visits of a single visitor. Session values that are set on one request will persist, and be available on subsequent requests. Sessions are therefore excellent ways to preserve state, track identity, and cache useful information about the visitor.
Every user who is maintaining a session has a session ID or session key. This value is stored in a cookie, so the user must accept this cookie to benefit from session management.
The session key is only created when you write data to the session. If the user has never recorded any session data, they will not have a session key, nor will they have received a session cookie.
The session key is an MD5 hash of originating IP, browser signature, the current time, and a random number. It should be very hard to guess, allowing session data to remain reasonably secure, and suitable for authentication purposes (ie. once the user has been authenticated, their mere knowledge of their session ID can be taken as proof of identity). ExSite supports a ``session'' authentication method, which does this automatically.
The session lifetime depends on the lifetime of items in the store. By default this is 1 hour maximim idle time. Sessions are renewed when they are used, so the total session lifetime is indefinite if the time between activity is less than 1 hour in each case.
Session data can be found in the global
To save data to the session table, simply add or change keys/values in
Session management is not enabled by default. That is because the
underlying storage engine is not enabled by default, for reasons noted
in its documentation. If you are not using a persistent data store,
then session data will not persist across requests. There is no harm
To enable session management, you must enable persistent storage. See
the documentation for
best practices (5)
content management (12)
data handling (7)
graphic design (21)
html formatting (7)
plug-in modules (28)
visual tutorial (29)
web protocols (9)