The ComPact WWW server ComPactHTTPd supports the notion of sessions and contexts. Both are used to maintain and identify state inside the server. A session contains a complete working environment of a user, probably containing many actual working contexts. A session identifier is just an arbitrary but unique string chosen by the server. (The current implementation just uses the word Session followed by a number which is incremented for each new session.)
A context is identified by a directory pathname and holds the state that belongs to the meaning of this directory for ComPact, which can be the root of a package, project, pool, or just a file browser root. Consequently, four specialized forms of contexts exist: package contexts, project contexts, pool contexts, and directory contexts.
Every session and session context has its own environment, which can contain named values of type Int, Nat, Text, TextList, and TextSeq. Every environment may have an enclosing environment, called its parent. The enclosing environment of a context is the environment of the session to which it belongs, the enclosing environment of a session is the global environment of the server. Value bindings in an environment override bindings with the same name in an enclosing environment.
Sessions and contexts are identified by the variables Session and Context, which must be present in the request sent to the server. If the multi-session multi-context capabilities of the server are to be used, each request must contain variable bindings of the form Session=Session&Context=Context. If one or both are missing, the default session and/or context will be used.
After the start of ComPactHTTPd, a default session is created (which contains all the resources read from the various initialization resources used by ComPact: .compactrc, compact-env-rc, PkgBase.DefaultData) and is named Session0, and a default context, which is a directory context of the home directory of the user that started the server. In this default session and context, new sessions must now be opened performing a login procedure. For this login procedure, username and home directory can be explicitly specified.
The login procedure is intended to enable a user to have several entirely different working contexts at the same time. It does not include any authentication and authorization. Though it may theoretically be used to enable the server to actually serve requests for different users with different permissions, this will not work in most cases, since the identity and permissions of the server process, which executes external commands to perform the actual actions, is always determined by the user who started it. This is due to the fact that authentication and authorization are very different on different operating systems, and incorporating code to deal with them would have to be done separately for every single operating system. So currently each user has to start its own copy of ComPactHTTPd.