Session — is a way to identify HTTP clients. The session is strictly linked to IP, User-Agent, and fileless request paths.
With a new request, Spectr tries to find an existing session for it if no suitable session is found — creates a new one. A new session is not added to the repository if the request was unsuccessful (the return code is different from 2xx).
If the session has no active connections and no calls for more than 600 seconds, the session is removed from the storage.
If the session has been authorized once, then the authorization will not be checked for the next requests (thus, authorization and counting the number of clients for HLS are implemented).
Each session is characterized by a unique token that can be transmitted with an HTTP setting token at the first request. If the token is not transferred, it will be generated automatically. With this token, there can be only one session. The token is recorded in a cookie X-Mmxx-Session.
The session is searched for token, IP, User Agent, path. If a session is not found, a new one is created.
Understanding the sessions is essential to properly configure the content access authorization mechanism in Spectr and Middleware.
