Websites with user accounts typically implement an authentication mechanism
to identify returning users. Post-authentication, a session
will often be established. The server and browser will exchange a session ID
so the server knows which user the browser is representing with each HTTP
request.