— User logs in:Server creates and stores session IDUser gets session ID from serverUser passes session ID on every requestServer can verify that session ID is stored and which user it belongs toUser logs out:Server deletes stored ID
Message permanent page
Server should respond with a login page or an error if it can't find the ID for pages the user should be logged in to view
— Then what about session expired messaging?
— If we logged in our Facebook which is not logged out some time shows session expired and we have login again..
— How it works?
— A good server will also store when the session was created
— And automatically delete it after a while
— It can also be updated every time the user does something (every request)
— Ok..thank you so much