Chapter 7. Session Tracking

HTTP is a stateless protocol: it provides no built-in way for a server to recognize that a sequence of requests all originated from the same user. Privacy advocates may consider this a feature, but most web programmers see it as a major headache because web applications aren’t stateless. Robust web applications need to interact back and forth with the user, remembering information about the user between requests. The shopping cart application is a classic example. A client has to be able to put items into his virtual cart, and the server has to remember his items until he checks out several page requests later, or sometimes even days later!

The HTTP state problem can best be understood if you imagine an online chat forum where you are the guest of honor. Picture dozens of chat users, all conversing with you at the same time. They are asking you questions, responding to your questions, and generally making you wish you had taken that typing course back in high school. Now imagine that when each participant writes to you, the chat forum doesn’t tell you who’s speaking! All you see is a bunch of questions and statements mixed in with each other. In this kind of forum, the best you can do is hold simple conversations, perhaps answering direct questions. If you try to do anything more, such as ask someone a question in return, you won’t necessarily know when the answer comes back. This is exactly the HTTP state problem. The HTTP server sees only a ...

From Java Servlet Programming, 2nd Edition (O’Reilly).