session id - how they really work.

Posted by Gayathri under ASP.NET on 7/14/2010 | Views : 5833 | Status : [Member] | Replies : 4
Hi,

Since i am an intermediate programmer, i request some one to give a better explanation for the below query.

I have opened up two internet explorers . in both of them i have logged in with my yahoo id. one screen has compose page and the other has sent folder screen.
assuming that the session id will be different for these two sessions. i downloaded a document from the sent folder of mine in one instance and tried to upload it in another instance of the internet explorer where the compose screen is ready with covering message.

but the other instance where i tried to upload my document (attaching the document with an email) it was asking for my pwd again and as i gave the correct password it went to the inbox screen rather going to the compose screen.

where is the session id actually stored? and how does the webserver know that this is "xyz" user and this is "abc" user?

why is it so?? are the session ids same?? or whatz the concept behind this?
Thanks in advance.




Responses

Posted by: Raja on: 7/14/2010 [Member] Starter

Up
0
Down
Hey Gayathri,

Thanks for asking this nice question.

The session works based on the browse window, for each browser window a unique sessionid is created and that session is sent to the server as part of every request. The server keeps track of the request with the help of the sessionid and identifies that from which browser window it is coming.

When you are copying-pasting the url of yahoo messenger into another browser window, the sessionid of another browser session id is getting changed so its asking for username and password again.

Generally cookies are stored as cookie in the browser window, however if cookie is disabled then it is appended to the url and sent to the server.

Hope this will help you to understand it the session id concept.

Thank you.


Regards,
Raja, USA

Gayathri, if this helps please login to Mark As Answer. | Alert Moderator

Posted by: Gayathri on: 7/15/2010 [Member] Starter

Up
0
Down
Thank you very much for your reply.

Again i am adding up few more doubts on this.Kindly bear if it is too much.

I clicked on iexplore twice and two new instances got opened. now in one yahoomail.com i typed my user id. another one my friend logged on. we both were able browse our mails. Here as you said the session id is unique for each browser window. Fine..

After some time, i logged out . my friend immediately got her login page as i logged out. my doubt is the session id being unique, why did my friend also get the login screen again.

Please clarify. my assumption is , my friend will not get the logon screen even if i logout as the session id will be unique..


Gayathri, if this helps please login to Mark As Answer. | Alert Moderator

Posted by: Raja on: 7/15/2010 [Member] Starter

Up
0
Down
You both were using the same username to login or both had different username?

If same username, then once you are logged out, your session got removed from server and when your friend tried to access the account, browser sessionid couldn't be found in the application so your friend was redirected to the login page.

Hope this helps

Regards,
Raja, USA

Gayathri, if this helps please login to Mark As Answer. | Alert Moderator

Posted by: Gayathri on: 7/15/2010 [Member] Starter

Up
0
Down
they are different userids..mine is abc@yahoo.com
my friend's id xyz@yahoo.com

so?

Gayathri, if this helps please login to Mark As Answer. | Alert Moderator

Login to post response