How does an HTTP session exactly work and in what cases does it expire (in Laravel)?

Question

I'm creating a Laravel application and I'm trying to grasp the concept of the HTTP session. I noticed that I don't really understand it on a fundamental level (e.g. what exactly happens).

On the internet there isn't much information available besides some basic stuff (getting and retrieving data, plus a few other common things).

I want to better understand it, so it'd be extremely helpful is someone could clarify the following things for me:

1. What is a session exactly? What is meant with the driver? (Laravel offers: "file", "cookie", "database", "apc", "memcached", "redis", "dynamodb", "array".) What happens to it when I choose file vs cookie?
2. What does it mean when a session expires? Is that when a user navigates away, or is it only for a specific time in the browser? E.g. if I redirect the user the some OAuth during onboarding, does that mean that the session expires or not?

Many thanks in advance!

Answer 1

As you can see, session is dependent on the driver you choose, and at the same time you can select the timeout as well in config\session.php.

In case of Cookie, the session will expire in two cases:

1. Once the cookie has expired/deleted.
2. Or (current_time - cookie_creation_time) > session_timeout set in the session.php.

In all drivers, one thing is common: whenever you access the website, and a request is made to the server, it will add the last access time and calculate the session timeout from there.

When the user navigates from the browser and the cookie is still there and it hasn't expired, the user will be identified and session will remain the same.

I hope it's clearer... If not, let me know. I will share some examples.