HTTP is a stateless protocol, that means client always needs to open a new connection for a new request.
Sometimes a server side application needs to track a user across multiple requests e.g. a sopping cart application. A single HTTP session is a sequence of multiple request-response transactions for a single client. As HTTP protocol is stateless, the application can apply one of the following methods to remember a user.
HTTP cookie: small name/value pairs are saved on the client browser.
URL Rewriting: the session information is added to the URL e.g.
Hidden Form Fields: Server side generates dynamic pages that includes session id for a particular request. When client submit the form to the server, server uses the hidden form field to track back the user.