A session is a semi-permanent interactive information interchange between two or more communication devices.

The session is implemented by means of a database with information about the state of each session.

The reason of not implementing it with multiple processes or threads is due to large resource overhead.

When a client may connect to any server in a cluster or servers, it is important to maintain consistency.

The client must be either directed to the same server for the duration of the session, or the servers must transmit server-side session information via a shared file system or database.

Client-side sessions use cookies and cryptographic techniques to maintain state without storing as much data on the server. 

When presenting a dynamic web page, the server sends the current state data to the client (web browser) in the form of cookie. The client saves the cookie in memory or on disk. 

With each successive request, the client sends the cookie back to the server, and the server users the data to “remember” the state of the application for that client and generate an appropriate response.

• Browser limits the number and size of cookies that may be stored by a web site.

HTTP Session Token

• A session token is a unique identifier that is generated and sent from a server to a client to identify the current interaction session. The client usually stores and sends the token as an HTTP cookie and/or sends it as a parameter in GET or POST queries. 

• The client only has to handle the identifier
• All session data is stored on the server (usually in a database).