Handling sessions

The underlying connection is stateless. This means the HTTP layer does not remember anything about the client between requests. All information relevant to the request must be transmitted in the actual request. The purpose of this is to allow for scalability. The client should not rely on a particular server being able to handle the request. In reality, the server might actually be a set of servers in a cluster, taking turns to respond to incoming requests.

To add state to the communication, such as a session, the concept of a cookie was introduced. Cookies are named strings, scoped to a domain, that are stored on the client. They are embedded in requests as HTTP headers, which lets the server application process each request according to the state read from them. Sessions are one example of how cookies are used: a session can be seen as a short-lived bag of state maintained by the server and referred to by a session identifier, the session cookie.

How session cookies are handled is important from a security perspective. Access to the cookie gives you access to the session, the corresponding login, and potentially the data it contains and refers to.
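As an added example (not from the book), here is a minimal server-side session store in Python that shows the mechanism described above: a randomly generated session identifier is issued to the client in a Set-Cookie header carrying the HttpOnly, Secure and SameSite attributes, and on later requests the Cookie header is resolved back to the state the server holds for it. The cookie name `session` and the ten-minute idle timeout are assumptions.

```python
# Added example (not from the book): minimal server-side session handling.
import secrets
import time
from http.cookies import SimpleCookie

SESSION_TTL = 600  # assumed idle timeout in seconds

class SessionStore:
    """In-memory bag of per-session state, keyed by a random identifier."""

    def __init__(self, ttl=SESSION_TTL):
        self._sessions = {}  # session id -> (state dict, last-seen timestamp)
        self._ttl = ttl

    def create(self, state):
        # 32 random bytes from the OS CSPRNG: the id cannot be guessed or enumerated
        sid = secrets.token_urlsafe(32)
        self._sessions[sid] = (dict(state), time.time())
        return sid

    def lookup(self, sid, now=None):
        """Return the state for sid, or None if unknown or idle longer than ttl."""
        now = time.time() if now is None else now
        entry = self._sessions.get(sid)
        if entry is None:
            return None
        state, last_seen = entry
        if now - last_seen > self._ttl:
            del self._sessions[sid]  # expired: the server forgets it
            return None
        self._sessions[sid] = (state, now)  # refresh on activity
        return state

def set_cookie_header(sid):
    """Build the Set-Cookie value that hands the identifier to the client."""
    cookie = SimpleCookie()
    cookie["session"] = sid
    cookie["session"]["httponly"] = True   # hidden from page scripts
    cookie["session"]["secure"] = True     # only sent over HTTPS
    cookie["session"]["samesite"] = "Strict"  # not attached to cross-site requests
    cookie["session"]["path"] = "/"
    return cookie["session"].OutputString()

def session_from_request(store, cookie_header, now=None):
    """Parse the request's Cookie header and resolve it to server-side state."""
    cookie = SimpleCookie()
    cookie.load(cookie_header or "")
    morsel = cookie.get("session")
    return store.lookup(morsel.value, now) if morsel else None
```

Because the identifier is the only thing the client holds, the store is what decides which state a request sees; an unknown, expired or absent cookie yields no session at all.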