One of the greatest challenges you face in constructing a full-featured web application is keeping track of user-specific information while a user navigates your site without asking her to identify herself at every request from the server. Among other pieces of information that you need to maintain are a user's identification, a user's security clearance if applicable, and, in more advanced applications, user preferences that allow you to customize your web site's look and feel in response to selections made by the user. The primary problem with maintaining user-specific information is limitations in the currently standard HTTP 1.0 protocol.

Although HTTP 1.0 does provide a mechanism for persistent connections that allows you to maintain user identification and user-specific data, its utility is limited. Without getting into the technical details, the Hypertext Transfer Protocol 1.0 allows client browsers to send Keep-Alive messages to proxy servers. These messages basically tell the proxy server to maintain an open connection with the requesting client. However, these connection requests are often unrecognized by the proxy server. This problem in the proxy server results in a hung connection between the proxy server and the requested web server. In a nutshell, maintaining connections with web servers is prone to error and thus is unreliable in HTTP 1.0, still by far the protocol most commonly used by client browsers.

Microsoft Internet Information Server's ...