Today, Web applications launched from a particular Web browser instance generally operate independently. They do not know about each other or share any common properties. For example, Common Gateway Interface (CGI) programs and Java applets get their environment from different sources. A CGI program is configured by passing it CGI tokens through the universal resource locator (URL) or by querying the user. A Java applet is configured by Java applet parameters or by querying the user. There is no common mechanism for sharing information across Web applications.
A current mechanism that can be used to share information across some Web applications is Web browser cookies. A named Web browser cookie can be shared by multiple CGI programs. While the Web browser cookie is an enabling mechanism, it is insufficient on its own because of two limitations. First, Web browser cookies are not directly accessible by Java applets. Second, many Web browsers have a per-server limit on the number of Web browser cookies and the size of Web browser cookies (in order to avoid attacks from malicious programs); this puts a fixed upper limit on the amount of information that can be shared via Web browser cookies.
Two other aspects relevant to the concept of a Web session are missing from today's situation. First, there is no program to initialize the session context information so that it can be inherited by other Web applications. Initializing the session context information may involve allowing the user to set session properties. Second, there is no unified login model to authenticate the user and determine the user's access rights for the session. There are Web server-specific security mechanisms, but these do not provide authentication and authorization information to Web applications in a platform-independent manner.