Is a Session ID generated on the Server-side or Client-side?

前端 未结 4 529
盖世英雄少女心
盖世英雄少女心 2021-01-06 14:44

This web page http://www.w3schools.com/ASP/prop_sessionid.asp states that a session ID is generated on the ServerSide.

If this is the case, then how does a server kn

相关标签:
4条回答
  • 2021-01-06 15:16

    The SessionID is generated Server Side, but is stored on the Client within a Cookie. Then everytime the client makes a request to the server the SessionID is used to authenticate the existing session for the client.

    0 讨论(0)
  • 2021-01-06 15:18

    The session ID is normally generated on the server. It's then sent to the client, either as a cookie in the HTTP headers, or by including it in the HTML, i.e. the links become href=my.html?sessionid=1234.

    The client's next request will then contain the session Id, either in the cookie or the GET part of the request.

    0 讨论(0)
  • 2021-01-06 15:30

    The ID is generated on the server. The client then stores this in a session cookie that the server picks up on subsequent request.

    If the server is running in cookie-less mode, then the session key becomes part of the URL and the server parses it from there.

    ADDED: ...and if the server is expecting to use a session cookie but the client has cookies disabled, then from the perspective of the server, all requests are new sessions as it cannot tell that this is the same user.

    0 讨论(0)
  • 2021-01-06 15:33

    The server will generate a session id if none exists. But once it has been generated, the client can pass that id back to the server. If the client modifies that id, you would likely get an error from the server, and a new id generated.

    0 讨论(0)
提交回复
热议问题