I feel an article coming on re counters

kparker

...but for the time being this short post will have to do.

It seems that recently we have been deluged with people asking that age-old question, "How do I display a count of users on my site?" Leaving aside the questions of why you would want to do this, I wanted to make a point about the statelessness of http, which is the main reason you can't really do such a thing, but only make a very very gross approximation.

Consider, for just a moment, what it would mean if Berners-Lee and his buddies hadn't designed http to be stateless, that when your browser connected to a webserver it got a tcp session that lasted until it disconnected or went to some other site. Do you have any idea what that would do to the throughput of your webserver? Instead of quickly serving your page (in maybe 1/10 of second) and then being free to serve some other request, the session would stay open and be unavailable for any further use until your browser went somewhere else on that same site. Using the 5-minute average that seems to be popular as a decay time for login counters, it looks like a 3000-fold decrease in the number of hits your webserver could service in a given period of time. Hardly a good tradeoff in my book!

Anon

Bravo. Nice and concice. Unfortunatly I've found that many people don't understand "stateless", so your explanation will probably go un-heeded. But I'm glad someone posted about it.

I've got another one that I've seen a lot and hopefully people will read this and understand why they can't send cookie/session data between servers.

When you use a session it either sets a cookie on the users system or you have to put the session id into the URL as a GET parameter to be passed back to the server. The actual session data is stored in a file on the server. Got that? Good.

So if you try to pass your session off to another server here are the problems that need to be overcome (if they can):

1 - if you are using cookies the server you are handing the session to needs to be in the same domain (www.mysite.com, secure.mysite.com). If it isn't in the same domain then there is no way to get the users brower to send the cookie to the site.

2 - No matter if you are using cookies or not your second server needs to look in the same place for the stored session information. So if that's a directory (usually /tmp) on your first server then your second server needs, and has, to be able to read that directory to get the session data.

If you can figure a way around these 2 issues then you can freely pass your sessions to other servers, it can be done just not easily.