It’s time for a confession: we’ve been deliberately ignoring an incredibly important aspect of Web development prior to this point. So far, we’ve thought of the traffic visiting our sites as some faceless, anonymous mass hurtling itself against our carefully designed pages.
This isn’t true, of course. The browsers hitting our sites have real humans behind them (some of the time, at least). That’s a big thing to ignore: the Internet is at its best when it serves to connect people, not machines. If we’re going to develop truly compelling sites, eventually we’re going to have to deal with the bodies behind the browsers.
Unfortunately, it’s not all that easy. HTTP is designed to be stateless— that is, each and every request happens in a vacuum. There’s no persistence between one request and the next, and we can’t count on any aspects of a request (IP address, user agent, etc.) to consistently indicate successive requests from the same person. In this chapter you’ll learn how to handle this lack of state. We’ll start at the lowest level (cookies), and work up to the high-level tools for handling sessions, users and registration.
