Session IDs are sent to clients in a number of ways. Most often they are included in cookies, hyperlink URLs, URLs of embedded objects, and HTML form fields. Session IDs are likewise returned to servers within cookies, URLs, and HTTP post data. See the examples below:
Information sent to the client:
Set-Cookie: SessionID=LGIJALLCGEBMIBIMFKOEJIMM; path=/
Information returned to the server:
Cookie: SessionID=LGIJALLCGEBMIBIMFKOEJIMM
Information sent to the client:
<html> … <a href="/ShopIt/acknowledge.asp?SessionID=LGIJALLCGEBMIBIMFKOEJIMM" > Enter Shop </a> … </html>
Information returned to the server:
GET /ShopIt/acknowledge.asp? SessionID = LGIJALLCGEBMIBIMFKOEJIMM HTTP/1.1
Information sent to the client:
<html> … <form action="kindofpayment.asp" method="post" > Currently we only accept Credit Cards <input type="hidden" name="SessionID" value="LGIJALLCGEBMIBIMFKOEJIMM"> <input type="text" name="name" value="Jack " > <input type="submit" name="paymentButton" value="Submit"> </form> … </html>
Information returned to the server:
POST /ShopIt/kindofpayment.asp HTTP/1.1 … SessionId=LGIJALLCGEBMIBIMFKOEJIMM&name=Jack&paymentButton=Submit