Continued my web security studies. Looked into the packages that are used by PassportJS to establish and store session data. I think I finally understand sessions. It’s just temporary data with a specific purpose.
I went through the third video in the PassportJS playlist again while reading through the package documentation on npm. I still have a lot more to learn but I am slowly making progress.
TLDR;
Okay, so here are the highlights of what I did:
- Backend -> Continued studying the concepts mentioned in the web security section. Started reading and writing notes on the specific packages being used in the tutorial videos.
Rough Notes – Sessions – 2nd Take (Still Rough though)
I changed and tried to refine some of my notes to reflect my adjusted understanding of the topic.
What Is A Session?
I originally thought there was some complex description to apply to the term “session” but in reality, a session is just temporary data with a specific use case. That use case is storing information about the interactions between the user and the application for the period of time when the user is running or still interacting with the application, i.e. during the session. – (I think. LOL I am no expert)
There are many different ways a user can interact with an application so “session data” can include a variety of things. There is no set of all-encompassing rules for session data. It is just a term used to describe a particular set of data by its purpose and use within computer applications.
There are also many different types of applications so again, what a “session” would look like is influenced by this. One thing we can consider is that within the same type of application (e.g. a browser session) there are similar pieces of data stored in the session, although how they are stored specifically may vary depending on how the program was designed. For example, some web applications store session data in a database while others store it in the running web application itself.
Here are some different types of sessions:
- a shell session
- a tcp session
- a login session
- a desktop session
- a browser session
- a server session
- a web session… (Is this the same as a server session)
- etc
What is a Web Session / Server Session?
Knowing the generic definition of a “session”, we can say that a “web session” is the temporary data that contains information about a user’s current interactions with a particular website. This data is generally initialized when the user first accesses the site and is generally destroyed when the user closes their web browser application (Not sure if tab closing works or if navigating to another website works either – maybe it depends).
Now more specifically for a web session, the session is a data structure that an application uses to store temporary data that is useful only during the time a user is interacting with the application. It is also specific to the user.
For example, you could save the user’s name in the session so that you don’t have to query the database every time you need it or you could store data in the session to save state between pages (between pages of a payment process for example). Think of it as a volatile memory quickly accessible that is allocated to each user who is using the application, and when the user quits, it is destroyed.
This is the general concept. The storage mechanism and how it is implemented are then specific to the application. This temporary storage could be on the file system in text files, in a database or in the internal memory of the program executing the application.
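The idea in the notes above, as an added example (not code from PassportJS, express-session or the tutorial videos): a small in-memory session store where each user's temporary data is looked up by a random session ID. The class name, the 30-minute idle timeout and the sample users are assumptions made for illustration.

```javascript
const crypto = require('crypto');

class MemorySessionStore {
  constructor(ttlMs, now = () => Date.now()) {
    this.ttlMs = ttlMs;         // how long an idle session survives
    this.now = now;             // injectable clock so expiry can be exercised
    this.sessions = new Map();  // session ID -> { data, expiresAt }
  }

  // First request: allocate an empty session and return its ID.
  // The browser only keeps this ID (in a cookie), so it must be unguessable.
  create() {
    const id = crypto.randomBytes(32).toString('hex');
    this.sessions.set(id, { data: {}, expiresAt: this.now() + this.ttlMs });
    return id;
  }

  // Later requests: return the data for the ID the browser sent back.
  // Unknown or expired IDs give null, and expired entries are purged.
  get(id) {
    const entry = this.sessions.get(id);
    if (!entry) return null;
    if (entry.expiresAt <= this.now()) {
      this.sessions.delete(id);
      return null;
    }
    entry.expiresAt = this.now() + this.ttlMs; // activity extends the session
    return entry.data;
  }

  // Logout: the temporary data is thrown away.
  destroy(id) {
    return this.sessions.delete(id);
  }
}

// Constructed walk-through: two users, a multi-page checkout, then an idle timeout.
function demo() {
  let clock = 0;
  const store = new MemorySessionStore(30 * 60 * 1000, () => clock);
  const alice = store.create();
  const bob = store.create();
  store.get(alice).userName = 'alice';   // cached so later pages skip the DB query
  store.get(alice).checkoutStep = 2;     // state carried between payment pages
  const bobSeesAliceData = 'userName' in store.get(bob);
  const stepOnNextRequest = store.get(alice).checkoutStep;
  clock += 31 * 60 * 1000;               // 31 idle minutes pass
  return { idLength: alice.length, bobSeesAliceData, stepOnNextRequest, afterTimeout: store.get(alice) };
}
```

Swapping the `Map` for a file or database table changes where the data lives without changing how the rest of the application uses it.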
The second thing to understand is the structure of a session.
References:
- How Does a Web Session Work? – Good article with session debugging tips
- What are Sessions – Stack Overflow
Goal For Round 8 of the #100DaysofCode Challenge
This is my eighth round of the “#100daysofcode” challenge. I will be continuing my work from round five, six, and seven into round eight. I was working through the book “Cracking the Coding Interview” by Gayle Laakmann McDowell. My goal was to become more familiar with algorithms and data structures. This goal was derived from my goal to better understand operating systems and key programs that I use in the terminal regularly e.g. Git. This goal was in turn derived from my desire to better understand the fundamental tools used for coding outside of popular GUIs. This in turn was derived from my desire to be a better back-end developer.
I am currently putting a pause on the algorithm work to build some backend/full stack projects. I primarily want to improve my skills with the back-end from an implementation perspective. I have improved tremendously in terminal and CLI skills but I lost focus due to how abstract the algorithm concepts got. I wanted to work on things that were more tangible until I can get to a position where I could directly benefit from improving my algorithm skills and theoretical knowledge. So that’s the focus right now. Build my backend skills and prove my full stack capabilities by building some dope projects.
Again, I still have no idea if my path is correct but I am walking down this road anyways. Worst case scenario I learn a whole bunch of stuff that will help me out on my own personal projects. Best case scenario I actually become one of those unicorn developers that go on to start a billion dollar company… You never know LOL.