= Session

A session is a stateful abstraction over the stateless HTTP protocol. Basically, repeated requests from the same user / computer form a session. Per-session state is needed to remember essential information like:
 * Whether the user is logged in.
 * The user's authentication details.
 * The user's [wiki:TracDev/ReleaseNotes/0.11#UserPreferences preferences].

This is commonly implemented using cookies.
 
== Session user interface

In Trac's [/prefs/advanced Advanced Preferences] the user can save a session key and restore his session from a different computer. 

== Session administration

Session keys can also be managed using the [wiki:TracAdmin#FullCommandReference TracAdmin] ''session'' commands.

== Session API

[source:trunk/trac/web/session.py trac.web.session.Session] provides an API to save arbitrary per-session data.

The session for the current web request can be accessed in {{{req.session}}}.

== Session storage in the Database

The per-session data is stored in the database. Specifically in the `session` and the `session_attribute`  [wiki:TracDev/DatabaseSchema tables]. The session key / cookie identifies the relevant entries in these tables.

Note: as we often manipulate both the `session` and the `session_attribute` tables, there's a possibility of table deadlocks (#9705). We try to prevent them by always accessing the tables in the same order within the transaction: first `session`, then `session_attribute`.

== Session cookie

The session key is stored in the ''trac_session'' cookie.

== Authentication cookie

The [source:trunk/trac/web/auth.py trac.web.auth.LoginModule] implements HTTP authentication and stores the ''trac_auth'' cookie to identify the user in subsequent requests. The credentials are stored in the ''auth_cookie'' [wiki:TracDev/DatabaseSchema database table]. The cookie identifies the relevant entry in that table.

The lifetime and the path of this cookie can be configured in [wiki:TracIni#trac-section trac.ini] with ''auth_cookie_lifetime'' and ''auth_cookie_path''.