Session ID


A Session ID is an identification number that is generated on the server side to assign user requests to a session. This session ID is stored locally with the user and transferred in the form of cookies or as a URI attribute (Uniform Resource Identifier).

How it works

The data of the last session which is stored on the server side can be accessed using the user’s session ID. The browser receives the corresponding data. This method is especially useful in the field of e-commerce. The customer will be able to see shopping carts with unpurchased or last viewed articles from his earlier session.

In order to be able to give a unique identification to a user, the session ID must be available to the server for each request. The server assigns the associated data to the client. If there is no ID, the server treats the request as new and creates an unused session ID as a result.

Session ID as cookie

Session IDs can be stored as cookies locally at the client end. When a request is made to the server, the server transmits the cookie containing the session ID. The server has stored the session ID and associated information from the last session and makes it available to the client if the session ID matches.

Session ID as URI attribute

User requests can be executed by clicking a link or submitting a form. The URI of the website is modifiable and contains the session ID. This creates a unique link.

As an example, the link is no longer under: http://www.yourdomain.org,

but under:

http://www.yourdomain.org/index.php?sid=CHARACTERSEQUENCE.

Tracking these unique links is still difficult for search engines. Implementing a consistent URI attribute requires a lot of programming. In addition, the user and also the operator will have the disadvantage that these links cannot be bookmarked. This prevents the user from returning.

Security of session IDs

By modifying their session ID, a client can try to access a session ID from another user. It is possible to uncover and manipulate the data of the stored session ID.

To make it impossible to guess the session ID of other users, the server generates it from a very large range of values. This keeps the probability of a randomly called session ID very low.

Relevance to search engine optimization

A session ID can be problematic for search engine optimization. In summary, session IDs allow the content to be accessed at a different URL each time the crawler is visited. If the Googlebot crawls a website with session IDs for the second time, an article that has been indexed the first time will appear under a new URL because the session ID is no longer the same. This can be viewed as duplicate content, which in the worst case could lead to removal of the subpage from the index. At the same time, however, the previously crawled URL also issues an error message as the session ID is expired and the content is no longer found under the web address. If there is no important reason to justify the use of session IDs, it should ideally be completely dispensed with.

Web Links