[Javascript] Session variables explained (was JavaScript to PHP variable transfer)

Peter Brunone peter at brunone.com
Fri Aug 22 10:28:18 CDT 2003 

>the variable is set on 
>the server, but the cookie on the client is just needed to associate 
>the variables to the user?

	That is correct.  Session and Application variables are really
the same animal, but whereas the latter occur only once while an
application is running, the former are perpetuated every time a new user
comes in (which is why they time out, so they don't lie around forever).

	It's a common misconception, because disabling cookies most
often thwarts the use of session variables.  A cookie, called the
sessionid, is set on the client.  It expires when the browser is closed,
although the session is given a specified timeout value (usually 20
minutes), so that if the session variables are not accessed in that
time, they are cleared to save memory and the session is lost.

	This is why it is possible to store things like connection
objects in session... and also why it is highly unadvisable.  Two
hundred users, each with their own object in memory, can take up
resources quick, and access to the object becomes serialized, which
funnels *all* the users through a really small hole... but I digress.

	Session can be communicated by other means, e.g URL parameters.
Do a Google on "Cookie Munger" for a historical look at cookieless
sessions in ASP.

Cheers,

Peter


P.S. In the new regime -- ASP.NET -- you can even maintain session
across multiple servers in a web farm environment, by either one machine
as the master, or storing the session variables in SQL Server.  What
won't they think of next?

-----Original Message-----
From: javascript-bounces at LaTech.edu
[mailto:javascript-bounces at LaTech.edu] On Behalf Of Chris Tifer

I used to believe the same thing, but that's not the case. Disable 
cookies in your browser. Session Variables are indeed cookies 
stored on the client.  Or am I mistaken in that the variable is set on 
the server, but the cookie on the client is just needed to associate 
the variables to the user?

Application Variables are stored on the server for sure...

Chris Tifer
http://emailajoke.com

----- Original Message ----- 
From: "Peter Brunone" <peter at brunone.com>

> Technical nitpicky point:
> 
> Session variables aren't cookies; they're stored in memory on the 
> server.  A cookie is the most common method of keeping track of which 
> session is yours, but even that can be bypassed, e.g. with Cookie 
> Munger included in the IIS4 reskit, or ASP.NET cookieless sessions.
> 
> Other than that, I totally agree with you; this is a near-ludicrous, 
> theoretical-Kobayashi-Maru-sounding scenario.
> 
> Cheers,
> 
> Peter
> 
> -----Original Message-----
> From: javascript-bounces at LaTech.edu 
> On Behalf Of Chris Tifer
> 
> ----- Original Message -----
> From: "Andrew Gibson" <andyg at ihug.co.nz>
> 
> > Sorry im a bit late on this thread....from what I can gather you are
> looking
> > for a way to send and receive data from the server without the use 
> > of
> POST,
> > Get or Cookies?
> 
> No, he's saying TO the server. The client is supposed to set some 
> Session Variable (a client-side cookie in actuality) on the server.

More information about the Javascript mailing list