The hypertext transfer protocol (HTTP) is the foundational application-level protocol for transfer of data via the World Wide Web. HTTP is considered a stateless protocol. With a stateless protocol, a server is not required by the protocol to track user state across multiple requests. Yet, the concept of sessions is important to the Web. For example, a user may interact with an electronic commerce web site to shop for products, and this may involve numerous different HTTP requests as the user views a succession of pages. To associate the user with a session, the HTTP requests include a unique session identifier. Such an identifier may be included within link and form elements in a given page.
Alternatively, a session identifier may be stored on the client in the form of a cookie. When the user subsequently visits the same site, the client automatically presents the stored cookie data, including the session identifier, to the site. Session cookies may be flushed upon closing of the browser, while persistent cookies may be maintained for an extended period of time. Cookies are now widely used for session management, personalization, tracking, and other uses. An individual cookie may include a name, a value, and zero or more attributes.