Is a Session ID generated on the Server-side or Client-side


This web page states that a session ID is generated on the ServerSide.

If this is the case, then how does a server know it's still the same client on the 2nd request response cycle?

Surely the SessionId would be generated on the ClientSide so that the client would be sure of passing the same value to the server?

Best Solution

The SessionID is generated Server Side, but is stored on the Client within a Cookie. Then everytime the client makes a request to the server the SessionID is used to authenticate the existing session for the client.