This question was difficult, so answers containing less than what I write below
What to send
|All session information.
|If the user uses the back button in the browser, information from the last transaction
is "forgotten" which can confuse the user.
More amount of information has to be transferred back and forward.
|Transaction ID identifying session information in the server.
|Information about the state of each user must be stored in the server, often done
by having a separate thread in the server for each user.
How to send it
An alternative to the methods above is to use the HTTP/1.1 features for persistent
|Pros and cons
|Put transaction ID in Magic Cookie.
|Works well, but some people disable cookies because they are afraid of misuse.
|Hidden field in a form.
|Does not work if user does something else inbetween.
|Put data in the URL which the user clicks, after a question mark.
|Only works if the user continues by accessing this URL, not suitable for much data,
user can see the URL.