Who Are You, Anyway?
By Al Williams
One hallmark of a great restaurant is that the staff knows your name and remembers you when you visit. How many movies have you seen where someone orders "the usual" and the waiter or bartender knows what to do? Personally, I've only been to a few places that offer that level of service—maybe times have changed, or maybe it's just me.
The best Web sites do the same thing—they remember you. Maybe they know what background color you like, or what sports teams you follow. Some e-commerce sites remember your basic information so you don't have to retype it for each order.
Unfortunately, remembering data about users isn't one of those things that comes easily on the Web. Each Internet transaction is typically an anonymous one-time affair. This has resulted in the emergence of a variety of techniques that let you identify and store data that pertains to a user.
Sessions
The HTTP protocol supports cookies—small bits of data that the server can deposit and retrieve from the user's browser. If the server assigns each browser a unique identifier, the server can identify repeated requests from the same browser. (There are other ways to make this association, but cookies are the cleanest and most common.) Browsers don't have to accept cookies, but because so many sites require them, most users don't completely shut them off.
JavaServer Pages (JSPs), like many similar systems, artificially create the notion of a session. The first time a browser requests a page, the server assigns the browser a unique ID and stores it in a client-side cookie.
