Hello members,

I was research session IDs. Most of the web sites I came across explained how to create, and store these session IDs. The thing I'm trying to figure out is how to use them, What would I use them for???

Thanks

I use ID tags to track our clients as they search and use our website. We have a large catalog of images and when people search there maybe several pages of thumbnails and hundreds of images.

When someone enters our website they are given an ID tag. When they do a search the ID is indexed to a result list. When they are on the first index page and click to go to the second page a perl script looks up the ID tag and gets the list of the next series of thumbnails to display. Works the same for images.

You can acheive the same results with cookies but I perfer this method. Some of our clients network admins have restrictive policies and I find this method easier. I also log all the searches with ID tags so I have a general idea whats going on.

Let's say a user visits your site for the first time. On the server side, you can generate a session ID for this user, and return it with the page being served. When the user then clicks to another page in your site, this session ID comes back with his request. So, on the server side, you know that it's the _same_ user that submitted the first request. It's a way of keeping track of what a user is doing across multiple requests to your server.

(Without session IDs or something similar, like cookies, you have no way of knowing, server-side, that multiple requests for web pages are coming from the same user.)

So, again on the server side, you can fetch or build a data structure (client data of some sort), and use the session ID to associate this client data with each incoming request from that client.

By default, web applications are sessionless. Each request is received by the web server, processed, and responded to in isolation. Session IDs are one way of grouping multiple web server requests into a "session", for the purposes of user tracking, sharing data, etc.

Hope this helps. I'm far from an expert...

Thanks for the explaination.

So I can track users with sessionID or cookies. But some people and servers disallows the use of cookies. So I'm left with sessions. OK..

The thing about sessions is how do I tell if a user has been to my site before?

I know with cookies you can ID them as revisiting. and then send that cookie info to the server for processing more information, but I can't seem to understand (without cookies) how can you tell if this is a newbie or not??

Would it involve using both sessionID and cookies?

I think the only ways you can tell a user has been to your site before are (a) persistent cookies, and (b) user logins.

So, yes, I think you're right... a combination of cookies and session IDs. Use the persistent cookie to see if the user has been here before, and then you can use session IDs (or just continue to use the cookie information) for session handling.

If you do use cookies, keep in mind that the entire cookie is constantly passed back and forth with every request/reponse (even for your image files), so best to keep it small. If you have a server-side database, it's best to keep the user info in there (prefs, etc.), and simply keep some kind of user ID in the cookie. Use this ID to access the user data server-side, rather than trying to stuff all the user prefs in the cookie.

My $0.01.

We only worry about keeping track through a single visit but I do know that if someone bookmarks one of the pages after being assigned a user ID then comes back our server will read that and continue the session . The seesion ID tag is embedded as part of the URL. This is not a very good way to keep the tag from one visit to the next.

I am partial to using a login setup. You a sure that the person will get the correct ID tag and can get it no matter what computer they are on. Lets say they visit froma computer from home at night and a work machine during the day.