= Session = A session is a stateful abstraction over the stateless HTTP protocol. Basically, repeated requests from the same user / computer form a session. Per-session state is needed to remember essential information like: * If the user is logged in * The user's authentication details * The user's [wiki:TracDev/ReleaseNotes/0.11#UserPreferences preferences] This is commonly implemented using cookies. == Session user interface == In Trac's [/prefs/advanced Advanced Preferences] the user can save a session key and restore his session from a different computer. == Session administration == Session keys can also be managed using the [wiki:TracAdmin#FullCommandReference TracAdmin] ''session'' commands. == Session API == [source:trunk/trac/web/session.py trac.web.session.Session] provides an API to save arbitrary per-session data. The session for the current web request can be accessed in {{{req.session}}}. == Session storage in the Database == The per-session data is stored in the database. Specifically in the `session` and the `session_attribute` [wiki:TracDev/DatabaseSchema tables]. (The session key / cookie identifies the relevant entries in these tables.) Note: as we often manipulate both the `session` and the `session_attribute` tables, there's a possibility of table deadlocks (#9705). We try to prevent them to happen by always accessing the tables in the same order within the transaction, first `session`, then `session_attribute`. == Session cookie == The session key is stored in the ''trac_session'' cookie. == Authentication cookie == The [source:trunk/trac/web/auth.py trac.web.auth.LoginModule] implements HTTP authentication and stores the ''trac_auth'' cookie to identify the user in subsequent requests. The credentials are stored in the ''auth_cookie'' [wiki:TracDev/DatabaseSchema database table]. (The cookie identifies the relevant entry in that table.) The lifetime and the path of this cookie can be configured in [wiki:TracIni#trac-section trac.ini] with ''auth_cookie_lifetime'' and ''auth_cookie_path''.