This web page http://www.w3schools.com/ASP/prop_sessionid.asp states that a session ID is generated on the ServerSide.
此网页http://www.w3schools.com/ASP/prop_sessionid.asp指出在ServerSide上生成会话ID。
If this is the case, then how does a server know it's still the same client on the 2nd request response cycle?
如果是这种情况,那么服务器如何知道它在第二个请求响应周期中仍然是同一个客户端?
Surely the SessionId would be generated on the ClientSide so that the client would be sure of passing the same value to the server?
当然会在ClientSide上生成SessionId,以便客户端确保将相同的值传递给服务器?
4 个解决方案
#1
13
The SessionID is generated Server Side, but is stored on the Client within a Cookie. Then everytime the client makes a request to the server the SessionID is used to authenticate the existing session for the client.
SessionID是生成服务器端,但存储在Cookie中的客户端上。然后,每次客户端向服务器发出请求时,SessionID用于验证客户端的现有会话。
#2
2
The session ID is normally generated on the server. It's then sent to the client, either as a cookie in the HTTP headers, or by including it in the HTML, i.e. the links become href=my.html?sessionid=1234.
会话ID通常在服务器上生成。然后将其作为HTTP标头中的cookie发送到客户端,或者将其包含在HTML中,即链接变为href = my.html?sessionid = 1234。
The client's next request will then contain the session Id, either in the cookie or the GET part of the request.
然后,客户端的下一个请求将包含会话ID,或者在请求的cookie或GET部分中。
#3
0
The server will generate a session id if none exists. But once it has been generated, the client can pass that id back to the server. If the client modifies that id, you would likely get an error from the server, and a new id generated.
如果不存在,服务器将生成会话ID。但是一旦生成,客户端就可以将该id传递回服务器。如果客户端修改了该id,则可能会从服务器收到错误,并生成新的id。
#4
0
The ID is generated on the server. The client then stores this in a session cookie that the server picks up on subsequent request.
ID在服务器上生成。然后,客户端将其存储在服务器在后续请求中获取的会话cookie中。
If the server is running in cookie-less mode, then the session key becomes part of the URL and the server parses it from there.
如果服务器以无cookie模式运行,则会话密钥将成为URL的一部分,服务器将从那里解析它。
ADDED: ...and if the server is expecting to use a session cookie but the client has cookies disabled, then from the perspective of the server, all requests are new sessions as it cannot tell that this is the same user.
ADDED:...如果服务器期望使用会话cookie但客户端禁用了cookie,那么从服务器的角度来看,所有请求都是新会话,因为它无法判断这是同一个用户。
#1
13
The SessionID is generated Server Side, but is stored on the Client within a Cookie. Then everytime the client makes a request to the server the SessionID is used to authenticate the existing session for the client.
SessionID是生成服务器端,但存储在Cookie中的客户端上。然后,每次客户端向服务器发出请求时,SessionID用于验证客户端的现有会话。
#2
2
The session ID is normally generated on the server. It's then sent to the client, either as a cookie in the HTTP headers, or by including it in the HTML, i.e. the links become href=my.html?sessionid=1234.
会话ID通常在服务器上生成。然后将其作为HTTP标头中的cookie发送到客户端,或者将其包含在HTML中,即链接变为href = my.html?sessionid = 1234。
The client's next request will then contain the session Id, either in the cookie or the GET part of the request.
然后,客户端的下一个请求将包含会话ID,或者在请求的cookie或GET部分中。
#3
0
The server will generate a session id if none exists. But once it has been generated, the client can pass that id back to the server. If the client modifies that id, you would likely get an error from the server, and a new id generated.
如果不存在,服务器将生成会话ID。但是一旦生成,客户端就可以将该id传递回服务器。如果客户端修改了该id,则可能会从服务器收到错误,并生成新的id。
#4
0
The ID is generated on the server. The client then stores this in a session cookie that the server picks up on subsequent request.
ID在服务器上生成。然后,客户端将其存储在服务器在后续请求中获取的会话cookie中。
If the server is running in cookie-less mode, then the session key becomes part of the URL and the server parses it from there.
如果服务器以无cookie模式运行,则会话密钥将成为URL的一部分,服务器将从那里解析它。
ADDED: ...and if the server is expecting to use a session cookie but the client has cookies disabled, then from the perspective of the server, all requests are new sessions as it cannot tell that this is the same user.
ADDED:...如果服务器期望使用会话cookie但客户端禁用了cookie,那么从服务器的角度来看,所有请求都是新会话,因为它无法判断这是同一个用户。