Tech Terms Explained Open in the app →

Session

Web Development · Beginner · 4 min read

What is it?

A session is how a website remembers who you are across multiple requests, so you stay logged in as you move from page to page.

Explain like I'm 5

A session is like a coat-check ticket: after you check in (log in), you get a ticket, and showing it lets the staff recognize you each time without checking your ID again.

Why was it created?

HTTP forgets you after each request. Sessions were created so a server can link a series of requests to the same logged-in user.

Where is it used?

  • Keeping users logged in
  • Shopping carts
  • Multi-step forms and flows
  • Storing per-user state on the server

Why should developers care?

Sessions are fundamental to login and authentication on the web, so almost every web developer works with them.

How does it work?

After login, the server creates a session and gives the browser a session ID, usually in a cookie. The browser sends it on each request, and the server looks up the matching session to know who you are.

Real-world example

You log into a shopping site; a session keeps you authenticated as you browse and add items, until you log out or it expires.

Common use cases

  • Authentication state
  • Shopping carts
  • Per-user temporary data
  • Multi-request workflows

Advantages

  • Easy to invalidate (just delete the session)
  • Keeps sensitive data on the server
  • Well understood
  • Good control over login state

Disadvantages

  • Server must store session state
  • Scaling needs shared session storage
  • Cookies must be secured against theft

When should you use it?

When you want server-controlled login state that's easy to revoke.

When should you avoid it?

For fully stateless APIs across many services, where tokens like JWTs may fit better.

Alternatives

JWT (stateless tokens)API keys

Related terms

CookieJWTOAuthHTTPS

Interview questions

Beginner

  • What is a session?
  • How does a server remember a logged-in user?

Intermediate

  • How is a session ID usually stored?
  • How do sessions differ from JWTs?

Senior

  • How do you share sessions across multiple servers?
  • How do you protect session cookies from theft?

Common misconceptions

  • "Sessions and cookies are the same" — a cookie often carries the session ID, but the session is the server-side state.
  • "Sessions are outdated because of JWTs" — both are valid; sessions are easier to revoke.

Fun facts

  • The session ID in a cookie is what links your requests together.
  • Server-side sessions can be invalidated instantly, unlike most JWTs.

Timeline

  • 1990s — Sessions emerge to add state to stateless HTTP

Learning resources

Quick summary

A session lets a server remember a user across requests, typically via a session ID stored in a cookie, keeping them logged in.

Cheat sheet

  • Server-side per-user state
  • Session ID usually in a cookie
  • Easy to revoke
  • Needs shared storage to scale

If you remember only one thing

A session lets a stateless web server remember who you are across requests, usually via a cookie.