Key Concepts

Review core concepts you need to learn to master this subject

Session

Sessions: Cookies

Sessons: localStorage and sessionStorage

HTTP Security Headers Definition

HTTP Security Headers: Strict-Transportation-Security

HTTP Security Headers: Content-Security-Policy

HTTP Security Headers: X-Frame-Options

Sessions in Express.js

See more

Session

A session is a storage strategy that consists of information server-side.

A session id, as well as other session variables, are stored client-side in cookies or localStorage and allow the browser to make an HTTP request to get the persistent session information from the server.

Sessions are terminated when a user exits the browser or after client storage is cleared.

Sessions & Cookies vs. localStorage
Lesson 1 of 2
  1. 1
    Introduction
    How do web applications keep a user logged in? How does a shopping site remember what’s in your cart? And how is this done securely? In this lesson, we’ll define what a web session is, what cookie…
    Start
  2. 2
    Web Sessions
    HTTP(S) protocol on its own is stateless, meaning requests and responses are just relaying information back and forth with no knowledge of a specific user. But web developers want to create engagi…
    Start
  3. 3
    Sessions and Cookies
    It’s a bit clunky for the client to remember to tack the session ID onto every request. Because of this, the session ID is often kept client-side in the form of session cookies. Cookies are tiny …
    Start
  4. 4
    Cookie Security
    Cookies often store sensitive information, especially when they’re used in session management. Cookies are also used to store a user’s personal preferences or history, which should also stay secure…
    Start
  5. 5
    What is localStorage?
    Reading cookie data can involve some tedious syntax and relying on cookies to be attached for each HTTP request can affect a website’s performance. Cookies are also quite limited in storage. Cookie…
    Start
  6. 6
    Cookies vs. localStorage vs. sessionStorage
    As you can see, the localStorage syntax is very straightforward and makes storage and retrieval easy. So why hasn’t everything transitioned to using localStorage or sessionStorage? What are the pro…
    Start
  7. 7
    More On Session Security
    Users and web developers should be concerned with session hijacking, an attack in which an attacker steals session identifiers an…
    Start
  8. 8
    Review
    Session management is an important aspect of web design and implementation. In this article, we’ve discussed how cookies, localStorage, and sessionStorage can facilitate session management. We also…
    Start

How you'll master it

Stress-test your knowledge with quizzes that help commit syntax to memory

Pro Logo