Monday, March 6th, 2006

AJAX: What’s a Session?

Category: Ajax, Programming

With more and more Ajax usage going on out on the web today (and showing no signs of fading), there are certain topics that aren’t as discussed as others. Certain people pick up those topics and decide to share what they can on the subject, and Harry Fuecks does just that in this post from the Ajax Info blog covering sessions/state storage with Ajax.

As I mentioned here, my concern about the buzz surrounding AJAX is not what’s being said but what isn’t being said. One question I’ve got nagging me, which I’ve yet to see serious discussion of, is that of AJAX and sessions / state. I guess either no one is thinking about it or it’s got brushed under the carpet of “implementation detail”. The furthest I’ve seen the discussion go in this direction is Diego blogging on ajax.

From where I stand AJAX redefines the notion of state in web applications – the “new session” exists for a user for as long as they keep the current web page running. Session data is being “persisted” locally on the client, in memory in Javascript variables.

Harry moves on to give a bit of background on the web and its statelessness. He mentions how the idea of storage to get around the limitation came about, and one method of storing this data – cookies.

Moving to the other side of the equation, he looks at persistence on the server – what’s happening, how it’s managed, and what can be done to handle higher loads. With these two topics firmly in place, he brings in the final piece of the puzzle, the thing that threatens to break this yin/yang of client/server – Ajax.

As already said, as I see it, AJAX redefines the notion of what a session is in web applications. The state of a given user’s session can be maintained client side in Javascript and will remain there so long as they don’t click reload.

He notes that technically, with this kind of handling, one can almost drop cookies/server-side storage completely.

Posted by Chris Cornutt at 2:24 pm




One issue I didn’t see mentioned as a reason to still store state on the server is security…. how much can you trust the client to not modify the state you are storing there? Especially with things like greasemonkey. Javascript injection exploit?

Comment by Andy — March 6, 2006
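
Andy's concern above, as an added example that is not part of the original post or its comments: when session state lives in JavaScript variables, the server can only rely on it if it can detect modification. This Node.js code has the server attach an HMAC to the state it hands out and verify it on every request; the key handling, function names, field names and sample state are assumptions made for illustration.

```javascript
const crypto = require("node:crypto");

// Assumption: a secret that is generated and kept on the server only.
const SERVER_KEY = crypto.randomBytes(32);

function tag(payload) {
  return crypto.createHmac("sha256", SERVER_KEY).update(payload).digest("base64url");
}

// Server: serialise the state with an expiry and attach an HMAC tag.
function sealState(state, ttlSeconds, now = Date.now()) {
  const body = JSON.stringify({ state, exp: now + ttlSeconds * 1000 });
  const payload = Buffer.from(body).toString("base64url");
  return `${payload}.${tag(payload)}`;
}

// Server: run on every Ajax request before the state is used.
// Returns the state, or null if the token was modified or has expired.
function openState(token, now = Date.now()) {
  if (typeof token !== "string") return null;
  const [payload, mac, ...rest] = token.split(".");
  if (!payload || !mac || rest.length) return null;
  const expected = Buffer.from(tag(payload));
  const given = Buffer.from(mac);
  // timingSafeEqual throws on unequal lengths, so compare lengths first.
  if (given.length !== expected.length) return null;
  if (!crypto.timingSafeEqual(given, expected)) return null;
  const { state, exp } = JSON.parse(Buffer.from(payload, "base64url").toString("utf8"));
  return now <= exp ? state : null;
}

// Constructed sample: the token the page's JavaScript would hold in a
// variable and send back with each XMLHttpRequest.
const issued = sealState({ user: "alice", role: "member" }, 900);

// Constructed sample: the state edited in the browser (for example by a
// user script) and re-sent with the tag of the original token.
function editedInBrowser(token) {
  const mac = token.split(".")[1];
  const body = JSON.stringify({ state: { user: "alice", role: "admin" }, exp: Date.now() + 900000 });
  return `${Buffer.from(body).toString("base64url")}.${mac}`;
}

console.log(openState(issued));                  // state accepted
console.log(openState(editedInBrowser(issued))); // null: tag no longer matches
```

The tag only tells the server that the state is one it issued; the client can still read it and can replay an older valid token until it expires, so secrets and anything that must be revocable stay on the server.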

The state of a given user’s session can be maintained client side in Javascript and will remain there so long as they don’t click reload.

I’m afraid you’ll still need cookies! (Emphasis mine)

Comment by Mark Wubben — March 6, 2006

I initiate a session on the server with the starting page (for instance “index.html”) and once the user leaves the page the session is cleared, with a synchronous call.

This prevents requests from invalid resources to Ajax backend. But still doesn’t stop “features” such as greasemonkey. Code injection can be stopped with script.

I am interested in how others have solved similar issues. More insightful reading and tips are welcome, on this topic.

Comment by Hakan Bilgin — March 7, 2006

BTW, I mean “index.php”. :-)

Comment by Hakan Bilgin — March 7, 2006

Steffen Meschkat (Google) talked about Ajax and Google Maps at 22C3. He also emphasised the difference between client sessions and server sessions. I couldn’t find the talk online; it might not yet be available.

Comment by kpi — March 7, 2006

And what if you want to have multiple windows open?

What if you’re paging over a big list? Do you want to bring the whole thing down to the client, or just keep the list on the server and just get back the pages you request from the client?

Do you want to send ALL of the pertinent state with every call to the server? Much better, I think, to just send the deltas or events to the server so the server can update its session state and return new content based on the session state to update the client.

Comment by Jason Carreira — March 7, 2006

Check out the sidebar to the right – there are a few options there, including the orange “FEED” button that you can drop into your feed reader and get the latest from

Comment by Chris Cornutt — March 23, 2006

This is already possible….
Reading/Writing Session variables in AJAX.NET methods is easy. Please refer to:

Comment by Jimmy Baker — March 27, 2006
