What is the scope of an HTTP session?

http httpsession
Yarin picture Yarin · Jan 17, 2012 · Viewed 22.5k times · Source

What exactly is the scope of an HTTP session?

I've been googling this but can't seem to get a straight answer- A session is supposed to get cleared out "when a user closes their browser", but that's unclear to me- Does that mean closing the browser window, or quitting the browser application? Does a user with two browser windows open at the same time maintain two different sessions? And are browser tabs always part if the same session?

Answer

Darin Dimitrov picture Darin Dimitrov · Jan 17, 2012

This will depend on how you are tracking sessions in your application.

By default they are tracked by HttpOnly cookies. This means that if the user closes the current tab, he doesn't loose the session. If he closes the browser though he looses the session.

If you use a cookieless mode to track sessions (cookieless="true"), ASP.NET will append a custom token to all urls meaning that a user can be logged with 2 different sessions on 2 different tabs of the same browser instance.

Related questions

PUT vs. POST in REST

According to the HTTP/1.1 Spec: The POST method is used to request that the origin server accept the entity enclosed in the request as a new subordinate of the resource identified by the Request-URI in the Request-Line In other words, …

Read More
How are parameters sent in an HTTP POST request?

In an HTTP GET request, parameters are sent as a query string: http://example.com/page?parameter=value&also;=another In an HTTP POST request, the parameters are not sent along with the URI. Where are the values? In …

Read More
What exactly is RESTful programming?

What exactly is RESTful programming?

Read More