--- Marcelo de Moraes Serpa <celoserpa@gmail.com>
wrote:
> Hello list,
> [snip]
>
> * Each http request gets an instance of a session_id
> ? Or is it
> per-connection ?
It depends. There is no necessary correlation between
a session as defined within a web application and a
session as defined in the RDBMS. I routinely set up
web applications that may have multiple "sessions" as
seen by the RDBMS. Consider the idiom of doing
operations with the least priviledge required to get
the job done. The application might log into the
database as one databse user with very limited rights,
to authenticate the user and pass data to the web
application regarding what the user is permitted to do
(all server side, on the application server). Then,
the application may log in as a very different user
with limited rights to perform some operation the user
has initiated. So far, we have two sessions as far as
the database is concerned and only one as far as the
web application is concerned.
If you're working with web applications, you must know
that multiple http requests can share a web
application session, as can multiple web applications
(if written to do so using the single sign-on idiom),
assuming you use technologies such as cookies or URL
rewriting or hidden form fields, or the magic of
ASP.NET, to set up and maintain sessions, and that the
session is restricted to a single http request if you
don't (plain old http/html is stateless, so there is
no useful concept of session without help from other
technologies).
HTH
Ted
