When a website user is authenticated, the server and browser will often exchange a session ID so the server knows which user the browser is representing with each subsequent HTTP request.