How do sessions work?


Explanation by analogy

Imagine you are in a bank, trying to get some money out of your account. But the bank is pitch black - there’s no light and you can’t see your hand in front of your face - and you are surrounded by another 20 people. They all look the same. And everybody has the same voice. In other words, HTTP is stateless.

This bank is a funny type of bank - for the sake of argument here’s how things work:

  1. You wait in line and you talk to the teller - you make a request to withdraw money, and then
  2. You have to wait briefly on the sofa, and 20 minutes later
  3. You have to go and actually collect your money from the teller.

But how will the teller tell you apart from everyone else? The teller can’t see or readily recognise you, remember, because the lights are all out. What if your teller gives your $10,000 withdrawal to someone else - the wrong person? You’d be pretty annoyed, I’m guessing?

Solution:

When you first appear to the teller, he or she tells you something in secret: “Whenever you are talking to me,” says the teller, “you should first identify yourself as GNASHEU329 - that way I know it’s you”.

Nobody else knows the secret passcode.

So I decide to go and chill out for 20 minutes, and then later I go to the teller and say “I’d like to collect my withdrawal”

The teller asks me: “who are you!”

“It’s me, Mr George Banks!”

“Prove it!”

And then I tell them my passcode: GNASHEU329

“Certainly Mr Banks!”

That basically is how a session works. It allows one to be uniquely identified in a sea of millions of people. You need to identify yourself every time you deal with the teller.
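
The same story in code, as an added example that is not part of the original post: the teller is a server that hands out a random session ID on the first visit and looks it up in the Cookie header of every later request. The names `Teller`, `first_visit`, `request`, the `sid` cookie and the 30-minute lifetime are assumptions made for this sketch, and the expiry check goes one step beyond the analogy.

```python
import secrets
import time
from http.cookies import SimpleCookie

SESSION_TTL = 30 * 60  # seconds a session stays valid (assumed value)


class Teller:
    """The server: it cannot see callers, so it keys everything on a session ID."""

    def __init__(self):
        self._sessions = {}  # session ID -> what the teller remembers about you

    def first_visit(self, customer, now=None):
        """Issue the 'secret passcode': a long random ID nobody can guess."""
        now = time.time() if now is None else now
        sid = secrets.token_urlsafe(32)
        self._sessions[sid] = {"customer": customer, "pending": None,
                               "expires": now + SESSION_TTL}
        # The ID travels to the browser once, in a cookie it sends back each time.
        return sid, f"Set-Cookie: sid={sid}; HttpOnly; Secure; SameSite=Lax"

    def request(self, cookie_header, action, amount=0, now=None):
        """Every request starts out anonymous until its cookie matches a session."""
        now = time.time() if now is None else now
        jar = SimpleCookie()
        jar.load(cookie_header or "")
        sid = jar["sid"].value if "sid" in jar else ""
        session = self._sessions.get(sid)
        if session is None:
            return "401 who are you?"
        if now > session["expires"]:
            del self._sessions[sid]  # forget stale passcodes
            return "401 session expired"
        if action == "withdraw":
            session["pending"] = amount
            return "202 please wait"
        if action == "collect" and session["pending"] is not None:
            amount, session["pending"] = session["pending"], None
            return f"200 ${amount} paid to {session['customer']}"
        return "400 nothing to collect"


if __name__ == "__main__":
    bank = Teller()
    sid, header = bank.first_visit("George Banks")  # constructed sample customer
    print(bank.request(f"sid={sid}", "withdraw", 10000))
    print(bank.request("sid=GNASHEU329", "collect"))  # wrong passcode
    print(bank.request(f"sid={sid}", "collect"))
```

A short code like GNASHEU329 works for the story, but a real session ID has to be long and random, which is why the sketch uses `secrets.token_urlsafe(32)` rather than anything guessable.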

Hope that makes sense to you. If you have any questions or anything is unclear - please post a comment and I will try to clear it up for you.

Ben

Written on February 19, 2017