Privacy and Cookies
Session variables let you store and display information maintained for the duration of a userís visit (their session). The server creates a different session object for each user and maintains it for a set period of time or until the object is explicitly terminated.
How session variables work
Session variables store information (usually form or URL parameters submitted by users) and make it available to all of the pages on a website for the duration of the userís visit. For example, a user might log into a web portal to access their email, in which case their login information would be stored in a session variable which then identifies the user on every page of the website.
This allows the user to see only the types of content they have selected as they navigate through the site. Session variables can also provide a safety mechanism by terminating the userís session if the account remains inactive for a certain period of time (such as one hour, for example).
Session variables store information for the life of the userís session only. The session begins when the user opens a page within the application and ends when the user does not open another page in the application for a certain period of time, or when the user explicitly terminates the session (typically by logging out). While it exists, the session is specific to an individual user, and every user has a separate session.
User session variables are used to store information that every page in a web application can access. The information can be as diverse as the userís name, preferred font size, or a flag indicating whether the user has successfully logged in. Another common use of session variables is to keep a running tally, such as the number of questions answered correctly so far in an online quiz, or the products the user selected so far from an online catalog.
Session variables can only function if the userís browser is configured to accept cookies. The server creates a session ID number that uniquely identifies the user when the session is first initiated, then sends a cookie containing the ID number to the userís browser. When the user requests another page on the server, the server reads the cookie in the browser to identify the user and to retrieve the userís session variables stored in the serverís memory. Server variables, therefore, do not leave a cookie on your system.