What is the life span of the session id

Questions by nitin.pathak

  
Showing Answers 1 - 2 of 2 Answers

The Session object is used to store information about, or change settings for a user session. Variables stored in the Session object hold information about one single user, and are available to all pages in one application.

A session ID is a unique number that a Web site's server assigns a specific user for the duration of that user's visit (session). The session ID can be stored as a cookie, form field, or URL (Uniform Resource Locator). Some Web servers generate session IDs by simply incrementing static numbers. However, most servers use algorithms that involve more complex methods, such as factoring in the date and time of the visit along with other variables defined by the server administrator.

Every time an Internet user visits a specific Web site, a new session ID is assigned. Closing a browser and then reopening and visiting the site again generates a new session ID. However, the same session ID is sometimes maintained as long as the browser is open, even if the user leaves the site in question and returns. In some cases, Web servers terminate a session and assign a new session ID after a few minutes of inactivity.

Session IDs, in their conventional form, do not offer secure Web browsing. Skilled hackers can acquire session IDs (a process called session prediction), and then masquerade as authorized users in a form of attack known as session hijacking.

  Was this answer useful?  Yes

girish

  • Apr 12th, 2012
 

every application is provided with the session timeout...and for that time if the user is not using the system after login then the page will expire and again the user have to sign in..

  Was this answer useful?  Yes

Revathi

  • Mar 4th, 2013
 

When we create session it will work for a particular time limit that means when the user close the window the session will be deleted.If we want to increase the time we can set the time limit.

  Was this answer useful?  Yes

A session ID is typically granted to a visitor on his first visit to a site. It is different from a user ID in that sessions are typically short-lived (they expire after a preset time of inactivity which may be minutes or hours) and may become invalid after a certain goal has been met (for example, once the buyer has finalized his order, he cannot use the same session ID to add more items).
As session IDs are often used to identify a user that has logged into a website

  Was this answer useful?  Yes

Give your answer:

If you think the above answer is not correct, Please select a reason and add your answer below.

 

Related Answered Questions

 

Related Open Questions