The purpose of this chapter was to briefly outline some design considerations that go into managing users in a web application. Although HTTP is a stateless protocol that does not provide persistent user sessions, we saw that cookies let web application environments implement sessions that let us follow users as they move around our application.
With this information, we investigated the possible ways in which a user might be viewed by the system, ranging from anonymous users to registered users. We then looked at where we might store user information and what information we might choose to store.
With this and the other information discussed in the previous two chapters, we will now focus on one of the most important considerations for any web site or web application: security. Keeping our data, users, and servers safe from threats is critical to the success of our web application; this is something to which we must constantly pay attention, even after we are done writing the web application and it is in a running production environment.