Web servers (or more specifically, the HTTP protocol) are stateless, meaning that they do not keep track of the browsers connecting to them, or of the individual page requests by users. Every time a web server receives a request for a web page and responds to it by delivering the relevant page to the user's browser, the web server "forgets" about both the browser making the request and the web page it sent. When the same user requests a related page at a later time, the web server sends the page without knowing the last page that it sent to that user.
While the stateless nature of HTTP makes for a simple, easy-to-implement protocol, it makes more advanced web applications, such as personalized content generation, more difficult. For example, in order to customize a site's content for an individual user, the user must first be identified. Most websites use some form of user name and password login to accomplish this. If multiple customized pages will be displayed, a way to keep track of which users are logged in is necessary, as most users would find it unacceptable to provide their user name and password for each of the site's pages.
To allow for the creation of complex web applications, and the storage of user-supplied data across all of a site's pages, most application server technologies include support for session management. Session management allows web applications to maintain state across multiple HTTP requests, allowing a user's requests for web pages during a given time period to be viewed as part of the same interactive session.
Session variables store information for the life of the user's session. The user's session begins when he or she first opens a page within the application. The session ends when the user does not open another page in the application for a certain period of time, or when the user explicitly terminates the session (typically by clicking a "log-off" link). While it exists, the session is specific to an individual user, and every user has a separate session.
Use session variables to store information that every page in a web application can access. The information can be as diverse as the user's name, preferred font size, or a flag indicating whether the user has successfully logged in. Another common use of session variables is to keep a running tally, such as the number of questions the user answered correctly so far on an online quiz, or the products the user selected so far from an online catalog.
Note that session variables can only function if the user's browser is configured to accept cookies. The server creates a session ID number that uniquely identifies the user when the session is first initiated, then sends a cookie containing the ID number to the user's browser. When the user requests another page on the server, the browser sends the cookie back with the request, and the server reads it to identify the user and to retrieve the user's session variables stored in the server's memory.
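The session lifecycle described above (ID issued in a cookie on first request, variables looked up in server memory on later requests, expiry after an idle period, explicit log-off) can be sketched as follows. This is an added example, not code from the original page or from any particular application server; the cookie name `SESSIONID`, the 20-minute timeout, the `SessionStore` class and the cookie attributes are assumptions chosen for illustration.

```python
import secrets
import time
from http.cookies import SimpleCookie

IDLE_TIMEOUT = 20 * 60      # seconds; assumed, the page says only "a certain period of time"
COOKIE_NAME = "SESSIONID"   # hypothetical cookie name


class SessionStore:
    """In-memory session variables keyed by an unguessable session ID."""

    def __init__(self, idle_timeout=IDLE_TIMEOUT, clock=time.monotonic):
        self._sessions = {}  # session ID -> (last_seen, variables dict)
        self._idle_timeout = idle_timeout
        self._clock = clock

    def handle(self, cookie_header):
        """Return (variables, Set-Cookie value or None) for one request."""
        sid = self._sid_from(cookie_header)
        entry = self._sessions.get(sid) if sid else None
        now = self._clock()
        if entry and now - entry[0] <= self._idle_timeout:
            self._sessions[sid] = (now, entry[1])  # refresh the idle timer
            return entry[1], None
        # Missing, unknown or expired ID: discard it and issue a fresh one.
        # The server never adopts an ID value supplied by the client.
        self._sessions.pop(sid, None)
        sid = secrets.token_urlsafe(32)  # 256 bits from the OS CSPRNG
        variables = {}
        self._sessions[sid] = (now, variables)
        return variables, self._set_cookie(sid)

    def logoff(self, cookie_header):
        """Explicit termination: delete the server-side state."""
        self._sessions.pop(self._sid_from(cookie_header), None)

    @staticmethod
    def _sid_from(cookie_header):
        jar = SimpleCookie()
        jar.load(cookie_header or "")
        return jar[COOKIE_NAME].value if COOKIE_NAME in jar else None

    @staticmethod
    def _set_cookie(sid):
        jar = SimpleCookie()
        jar[COOKIE_NAME] = sid
        jar[COOKIE_NAME].update({"httponly": True, "secure": True, "samesite": "Lax", "path": "/"})
        return jar[COOKIE_NAME].OutputString()
```

Only the random ID travels in the cookie; the variables themselves (such as a logged-in flag) stay on the server, so a client cannot alter them by editing the cookie.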