Is a Session ID generated on the Server-side or Client-side?

Rory Becker picture Rory Becker · Oct 24, 2008 · Viewed 11.9k times · Source

This web page http://www.w3schools.com/ASP/prop_sessionid.asp states that a session ID is generated on the ServerSide.

If this is the case, then how does a server know it's still the same client on the 2nd request response cycle?

Surely the SessionId would be generated on the ClientSide so that the client would be sure of passing the same value to the server?

Answer

Noah Goodrich picture Noah Goodrich · Oct 24, 2008

The SessionID is generated Server Side, but is stored on the Client within a Cookie. Then everytime the client makes a request to the server the SessionID is used to authenticate the existing session for the client.