Invalidating a session using session id
From an implementation perspective this can mean that you invalidate the session, or change the session id on the server so that it can no longer be referenced by the old session id.
In a web application, server may be responding to several clients at a time so session tracking is a way by which a server can identify the client.
With this approach ,we have to have a logic to generate unique value and HTML does not allow us to pass a dynamic value which means we cannot use this approach for static pages.
As other approaches, this approach also has some disadvantages like we need to regenerate every url to append session identifier and this need to keep track of this identifier until the conversation completes.
There are four techniques which can be used to identify a user session.a) Cookiesb) Hidden Fieldsc) URL Rewritingd) Session Object With Cookies , Hidden Fields and URL rewriting approaches, client always sends a unique identifier with each request and server determines the user session based on that unique identifier where as session tracking approach using Session Object uses the other three techniques internally.
Cookie is a key value pair of information, sent by the server to the browser and then browser sends back this identifier to the server with every request there on.
Server sends back this Id to the client and there on , browser sends back this ID with every request of that user to server with which server identifies the user Browser session and server sessions are different.
Browser session is client session which starts when you opens browser and destroy on closing of browser where as server session are maintained at server end.