Sessions are used to store information across page requests a user makes. Sessions are used by the application to remember:
- whether a user is logged in
- which user they are
- information to show to a user such as error messages
The application handles starting and ending sessions appropriately, and implements security to prevent sessions being hijacked.