
Embedding Session Information into the URL

The third way in which the session ID can be passed back and forth between the server and the browser is to encode it into the URL: either in the query string (appended to the ACTION URL in the usual way) or in a region of the URL we have not discussed previously, the Extra Path. The trick here is that every link (including the ACTIONs of FORMs) on every page sent by the server has to have the session information written into its URL. In the early days of the Web this was regarded as slow or difficult because of the overhead of dynamically generating all of this information in real time. This is no longer an issue.
 
Most "Real World"™ sites employing URL-encoded session IDs like to use the query string approach. For example (some bits deleted for clarity, and with the variable cart interpreted as the session ID):
http://www.cduniverse.com/browsecat.asp?style=music&cart=236730479
The "Extra Path" is (optional) text in the file path section of a URL beyond that required to specify the path to the executable server-side program. It is commonly used, for example, by servers which generate dynamic images, to suggest a filename for the "Save as..." option in browsers, e.g.:
http://www.asdf.com/images.cgi/Tree042.jpg
In this case, the URL of the image creation program itself is http://www.asdf.com/images.cgi and /Tree042.jpg is the extra path information. Whilst it's perfectly reasonable to use the extra path part of the URL to hold a session ID, no recent example could be found.
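
A sketch of the rewriting step described above, added here as an illustration and not taken from the lecture: it writes a session ID into every same-site link and FORM ACTION, either in the query string or as Extra Path, and recovers it again on the server side. The host www.example.test, the sample page and all function names are assumptions made for the example; leaving off-site links untouched is a design choice of the example, so that the ID is only written into the site's own URLs.

```python
import html
import re
from urllib.parse import parse_qsl, urlencode, urlsplit, urlunsplit

SITE_HOST = "www.example.test"  # constructed host, an assumption of this example
PARAM = "cart"                  # query variable carrying the session ID

def with_query_sid(url, sid):
    """Set the session ID in the query string, replacing any stale value."""
    p = urlsplit(url)
    pairs = [(k, v) for k, v in parse_qsl(p.query, keep_blank_values=True) if k != PARAM]
    return urlunsplit((p.scheme, p.netloc, p.path, urlencode(pairs + [(PARAM, sid)]), p.fragment))

def with_path_sid(url, sid):
    """Append the session ID as Extra Path after the server-side program."""
    p = urlsplit(url)
    return urlunsplit((p.scheme, p.netloc, p.path.rstrip("/") + "/" + sid, p.query, p.fragment))

def sid_from_request(path_info, query_string):
    """Server side: read the ID from the extra path (PATH_INFO), else the query string."""
    extra = path_info.strip("/")
    return extra.split("/")[0] if extra else dict(parse_qsl(query_string)).get(PARAM)

LINK_ATTR = re.compile(r'\b(href|action)="([^"]*)"', re.IGNORECASE)

def rewrite_page(page, sid, encode=with_query_sid):
    """Write the session ID into every same-site link and FORM ACTION."""
    def fix(m):
        url = html.unescape(m.group(2))
        parts = urlsplit(url)
        off_site = parts.netloc and parts.netloc != SITE_HOST
        if off_site or parts.scheme not in ("", "http", "https") or url.startswith("#"):
            return m.group(0)  # leave off-site, mailto: and in-page links untouched
        return '%s="%s"' % (m.group(1), html.escape(encode(url, sid), quote=True))
    return LINK_ATTR.sub(fix, page)

# Constructed sample page for the example.
SAMPLE = ('<a href="browsecat.asp?style=music">Music</a> '
          '<a href="http://partner.example.test/">Partner</a> '
          '<form method="post" action="checkout.asp">')

if __name__ == "__main__":
    print(rewrite_page(SAMPLE, "236730479"))
    print(rewrite_page(SAMPLE, "236730479", encode=with_path_sid))
```
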
 

 
Lecture 8: Web Commerce Technologies Copyright © 2005 P.Scott, La Trobe University Bendigo.

