Implementing Session IDs in Web Applications
• URL session tracking
  – Session ID is written directly on browser’s location line
• Hidden form elements
  – Hidden Session ID element put into the HTML form
  – Session ID can be seen by user by viewing HTML source code
    • <INPUT TYPE="HIDDEN" NAME="Session" VALUE="22343">
• Cookies
  – Most widely used session-tracking method
  – Cookie is an HTTP field that the browser stores on behalf of a Web server, containing info such as user preference and session ID
  – Per-session cookie is stored in browser’s memory
  – Persistent cookie is written to the local file system of client
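Added example (not part of the original slides): the same session ID carried by each of the three methods above, and a server-side reader that reports which carrier a request used. The field name "Session" comes from the slide; the app.example URL, the random ID format and the HttpOnly/Secure attributes are assumptions of this sketch.

```python
import html
import secrets
from http.cookies import SimpleCookie
from typing import Optional
from urllib.parse import parse_qs, urlencode, urlsplit

FIELD = "Session"  # field name from the slide's hidden-input example


def new_session_id() -> str:
    # 128 bits from the OS CSPRNG; a short numeric ID like 22343 is guessable.
    return secrets.token_hex(16)


def in_url(base: str, sid: str) -> str:
    """URL session tracking: the ID appears on the browser's location line."""
    return f"{base}?{urlencode({FIELD: sid})}"


def in_hidden_field(sid: str) -> str:
    """Hidden form element: the ID is readable in the HTML source."""
    value = html.escape(sid, quote=True)
    return f'<INPUT TYPE="HIDDEN" NAME="{FIELD}" VALUE="{value}">'


def in_cookie(sid: str, persistent_seconds: Optional[int] = None) -> str:
    """Set-Cookie value: per-session if no lifetime is given, else persistent."""
    jar = SimpleCookie()
    jar[FIELD] = sid
    jar[FIELD]["path"] = "/"
    jar[FIELD]["httponly"] = True  # assumption: keep the ID away from scripts
    jar[FIELD]["secure"] = True    # assumption: send only over HTTPS
    if persistent_seconds is not None:
        # A lifetime makes the browser write the cookie to disk.
        jar[FIELD]["max-age"] = persistent_seconds
    return jar[FIELD].OutputString()


def read_session_id(url: str, cookie_header: str = "", form: Optional[dict] = None):
    """Return (carrier, id) for the first carrier holding an ID, else (None, None)."""
    jar = SimpleCookie(cookie_header)
    if FIELD in jar:
        return "cookie", jar[FIELD].value
    if form and FIELD in form:
        return "hidden-field", form[FIELD]
    query = parse_qs(urlsplit(url).query)
    if FIELD in query:
        return "url", query[FIELD][0]
    return None, None
```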