Continued my web security studies. I focused on breaking down what a session is and all of the ways it can be implemented. Long story short, it’s confusing. There are many different ways a session can be defined and implemented depending on the context of its use. I worked on trying to organize this information in a coherent set of notes… It’s not going so well LOL.
I went through the third video in the PassportJS playlist, where the express-session package was discussed. As you may already know, I do not like black boxes in tech. If you tell me a package does “A”, I will ask you why and how. I will not be a jerk about it, but I am curious.
So, what’s the deal with sessions? Well, I found one generic definition that I liked. The quote roughly goes like this:
A Session is specific to the user. You could say that a session is somewhat like an instance of the interaction between a user and an application. – Reference Article
So taking the generic definition:
a period devoted to a particular activity – Oxford Languages via Google
I kind of concluded that a session is just a private store of user info between said user and the application being used. It makes things like authentication work consistently after one login on a website, instead of having to repeatedly log in to access each user-specific page/feature. Now here comes the variance:
- How it is stored varies
- Where it is stored varies
- How it is accessed varies
- What type of information is stored varies
- How it is setup varies
- etc
I have a lot more to do, but with that basic understanding I can start to work on specific use cases like express-session and start to figure out trends and common features amongst popular session implementation tools.
TL;DR
Okay, so here are the highlights of what I did:
- Backend -> Continued reading through some of the concepts mentioned in the web security section. Read some articles and Stack Overflow posts on what sessions are.
Rough Notes – Sessions (In computing – i.e. Backend Web Development)
A ‘session’ is one of those key terms in computing that you hear a lot about but can mean multiple things depending on the context. These notes are intended to help clarify how the term can be used and what it means in each respective context.
What Is A Session?
A “session” is one of those computing terms that refers to seemingly different things:
- a shell session
- a tcp session
- a login session
- a desktop session
- a browser session
- a server session
- a web session… (Is this the same as a server session)
- etc
Generally, you should understand a session as the different states of an application during the time a user is interacting with it.
A Session is specific to the user. You could say that a session is somewhat like an instance of the interaction between a user and an application.
What is a Web Session / Server Session?
Now, more specifically, a web session is a data structure that an application uses to store temporary data that is useful only while a user is interacting with the application; it is also specific to that user.
For example, you could save the user’s name in the session so that you don’t have to query the database every time you need it, or you could store data in the session to keep state between pages (between the pages of a payment process, for example). Think of it as quickly accessible volatile memory allocated to each user of the application. It is destroyed when the user logs out or when it expires; the server cannot see a browser being closed, so an idle timeout is what actually ends an abandoned session.
This is the general concept; the storage mechanism and how it is implemented are then specific to the application. The temporary storage could be text files on the file system, a database, or the internal memory of the program executing the application. In every case the browser normally holds only an opaque session identifier (usually in a cookie) and the data itself stays on the server, so the security of the whole scheme rests on that identifier being unguessable and hard to steal.
The second thing to understand is the structure of a session.
References:
- How Does a Web Session Work? – Good article with session debugging tips
- What are Sessions – Stack Overflow
Goal For Round 8 of the #100DaysofCode Challenge
This is my eighth round of the “#100daysofcode” challenge. I will be continuing my work from round five, six, and seven into round eight. I was working through the book “Cracking the Coding Interview” by Gayle Laakmann McDowell. My goal was to become more familiar with algorithms and data structures. This goal was derived from my goal to better understand operating systems and key programs that I use in the terminal regularly e.g. Git. This goal was in turn derived from my desire to better understand the fundamental tools used for coding outside of popular GUIs. This in turn was derived from my desire to be a better back-end developer.
I am currently putting a pause on the algorithm work to build some backend/full stack projects. I primarily want to improve my skills with the back-end from an implementation perspective. I have improved tremendously in terminal and CLI skills, but I lost focus due to how abstract the algorithm concepts got. I wanted to work on things that were more tangible until I can get to a position where I could directly benefit from improving my algorithm skills and theoretical knowledge. So that’s the focus right now: build my backend skills and prove my full stack capabilities by building some dope projects.
Again, I still have no idea if my path is correct, but I am walking down this road anyways. Worst case scenario, I learn a whole bunch of stuff that will help me out on my own personal projects. Best case scenario, I actually become one of those unicorn developers that go on to start a billion dollar company… You never know LOL.