Q: How does a Session work?
A: The process is as follows:
- When a user accesses a page that requires authentication, the server creates a unique
Session ID. - The server sends this
Session IDto the client's browser, typically by setting aSet-Cookieheader. - The browser stores the
Session IDin a cookie and sends it back to the server with every subsequent request. - The server uses this
Session IDto retrieve the correspondingSessionobject, which contains the user's data. - The session and its data are destroyed when the user closes the browser or after a period of inactivity (session timeout).