The Session is the user's unique use case of a web site, web service or web application. Each session should have a lifetime (period of validity before the session expires) specified through its START time and END time (or expiration), as well as any number of other useful informational parameters, such as a user's unique ID, Username, Last Login, Preferences, Histories and other combinations of information used to identify a unique user.
Session Management is an essential part of creating safe and secure web applications and services. Without them, any user could potentially spoof another user by sniffing their packet data, discovering their unique user id's (or other conventions used to identify them) and access, update, delete or otherwise tamper with their personal information pertaining to the site or service.
- PHP Session Functions: http://us.php.net/session
- W3C - Ampersands, PHP Sessions and Valid HTML: http://www.w3.org/QA/2005/04/php-session
- Password Protection with PHP, MySQL, and Session Variables: http://www.codebeach.com/tutorials/password-protection-php-mysql-session-variables.asp
- Load balanced IIS Servers with ASP.NET InProc Session: https://serverfault.com/questions/19717/load-balanced-iis-servers-with-asp-net-inproc-session
- Session Management of a Java-based REST web application in a clustered environment: https://stackoverflow.com/questions/8754551/session-management-of-a-java-base-rest-web-application-in-a-clustered-environmen
- Recording user sessions in closed environments -- hybrid mobile and desktop apps, and browser extensions: https://blog.sessionstack.com/recording-user-sessions-in-closed-environments-hybrid-mobile-and-desktop-apps-and-browser-d164d1c17a67