{"id":3594,"date":"2025-10-21T22:55:02","date_gmt":"2025-10-21T15:55:02","guid":{"rendered":"https:\/\/kienthucmo.com\/what-is-a-session-in-web-programming-how-it-works-applications-and-effective-security\/"},"modified":"2026-03-24T15:00:17","modified_gmt":"2026-03-24T08:00:17","slug":"what-is-a-session-in-web-programming-how-it-works-applications-and-effective-security","status":"publish","type":"post","link":"https:\/\/kienthucmo.com\/en\/what-is-a-session-in-web-programming-how-it-works-applications-and-effective-security\/","title":{"rendered":"What is a Session in Web Programming? How It Works, Applications, and Effective Security"},"content":{"rendered":"\n<p>When building web applications, one of the key challenges every developer faces is: how to preserve user state across multiple requests. This is because, by nature, HTTP is a stateless protocol \u2013 meaning that after each request, the server does not automatically retain any information about the previous user.<\/p>\n\n\n\n<p>For this reason, sessions were introduced as a solution to maintain state during a user\u2019s interaction with a website. Thanks to sessions, the system can \u201cremember\u201d who is logged in, what items they have added to their shopping cart, or which step they are on in a multi-step form.<\/p>\n\n\n\n<p>In this article, we will explore sessions in detail \u2013 from their definition and working mechanism to practical applications, security considerations, and comparisons with cookies. Hopefully, through this discussion, we will gain a clearer understanding of an essential component in the foundation of modern web programming.<\/p>\n\n\n\n<figure class=\"wp-block-image size-large\"><img fetchpriority=\"high\" decoding=\"async\" width=\"1024\" height=\"301\" src=\"https:\/\/kienthucmo.com\/wp-content\/uploads\/session-1024x301.png\" alt=\"Session trong l\u1eadp tr\u00ecnh web l\u00e0 g\u00ec? C\u00e1ch ho\u1ea1t \u0111\u1ed9ng, \u1ee9ng d\u1ee5ng v\u00e0 b\u1ea3o m\u1eadt hi\u1ec7u qu\u1ea3\" class=\"wp-image-2318\" srcset=\"https:\/\/kienthucmo.com\/wp-content\/uploads\/session-1024x301.png 1024w, https:\/\/kienthucmo.com\/wp-content\/uploads\/session-300x88.png 300w, https:\/\/kienthucmo.com\/wp-content\/uploads\/session-768x226.png 768w, https:\/\/kienthucmo.com\/wp-content\/uploads\/session-1536x451.png 1536w, https:\/\/kienthucmo.com\/wp-content\/uploads\/session-1300x382.png 1300w, https:\/\/kienthucmo.com\/wp-content\/uploads\/session.png 1800w\" sizes=\"(max-width: 1024px) 100vw, 1024px\" \/><\/figure>\n\n\n\n<h2 class=\"wp-block-heading\">1. What is a Session?<\/h2>\n\n\n\n<p><strong>Definition:<\/strong><br>A session is a temporary storage space created on the server to retain information about a user throughout their interaction with a web application. Each session is associated with a unique Session ID \u2013 like an \u201cidentification ticket\u201d that allows the server to determine who is making the request. A session can store data such as login information, shopping cart contents, or temporary user settings.<\/p>\n\n\n\n<p><strong>Key points to understand:<\/strong><\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Session vs. cookie:<\/strong> cookies are stored on the user\u2019s machine, while sessions are stored on the server. However, these two mechanisms often work together \u2013 the cookie stores the Session ID, while the actual data resides on the server.<\/li>\n\n\n\n<li><strong>Higher security:<\/strong> since user information is not stored on the client side, sessions help reduce the risk of data tampering or theft.<\/li>\n\n\n\n<li><strong>Temporary nature:<\/strong> sessions only exist for a limited period. When a user logs out or the session expires, the stored data is deleted.<\/li>\n\n\n\n<li><strong>Primary purpose:<\/strong> to help the application \u201cremember\u201d the user\u2019s state \u2013 such as maintaining login status, storing a shopping cart, or continuing steps in a multi-page form.<\/li>\n<\/ul>\n\n\n\n<p><strong>In summary<\/strong>, a session acts as the server\u2019s \u201ctemporary memory,\u201d helping to maintain the continuity of user interactions.P.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">2. How Sessions Work<\/h2>\n\n\n\n<p>To better understand how sessions operate, we can think of them as a process of \u201ccontrolled memory\u201d between the client and the server. Below are the specific steps:<\/p>\n\n\n\n<figure class=\"wp-block-image size-full\"><img decoding=\"async\" width=\"800\" height=\"379\" src=\"https:\/\/kienthucmo.com\/wp-content\/uploads\/Tai-sao-Session-quan-trong-trong-lap-trinh-web.jpg\" alt=\"How Sessions Work\n\" class=\"wp-image-2319\" srcset=\"https:\/\/kienthucmo.com\/wp-content\/uploads\/Tai-sao-Session-quan-trong-trong-lap-trinh-web.jpg 800w, https:\/\/kienthucmo.com\/wp-content\/uploads\/Tai-sao-Session-quan-trong-trong-lap-trinh-web-300x142.jpg 300w, https:\/\/kienthucmo.com\/wp-content\/uploads\/Tai-sao-Session-quan-trong-trong-lap-trinh-web-768x364.jpg 768w\" sizes=\"(max-width: 800px) 100vw, 800px\" \/><figcaption class=\"wp-element-caption\"><strong>Why are Sessions important in web programming?<\/strong><\/figcaption><\/figure>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Session initialization:<\/strong> When a user sends the first request (such as logging in or accessing a page that requires state persistence), the server creates a new session object and generates a Session ID \u2013 a random, unique string long enough to be unguessable.<\/li>\n\n\n\n<li><strong>Storing data on the server:<\/strong> The server assigns necessary information (e.g., user_id, user roles, temporary shopping cart, or the current step in a form) to the session object and stores it in memory (RAM), a database, or a dedicated storage system such as Redis.<\/li>\n\n\n\n<li><strong>Sending the Session ID to the client:<\/strong> After creation, the server sends the Session ID back to the client \u2013 typically via a cookie, for example:<\/li>\n<\/ul>\n\n\n\n<div class=\"wp-block-kevinbatdorf-code-block-pro\" data-code-block-pro-font-family=\"Code-Pro-JetBrains-Mono\" style=\"font-size:.875rem;font-family:Code-Pro-JetBrains-Mono,ui-monospace,SFMono-Regular,Menlo,Monaco,Consolas,monospace;line-height:1.25rem;--cbp-tab-width:2;tab-size:var(--cbp-tab-width, 2)\"><span style=\"display:block;padding:16px 0 0 16px;margin-bottom:-1px;width:100%;text-align:left;background-color:#2e3440ff\"><svg xmlns=\"http:\/\/www.w3.org\/2000\/svg\" width=\"54\" height=\"14\" viewBox=\"0 0 54 14\"><g fill=\"none\" fill-rule=\"evenodd\" transform=\"translate(1 1)\"><circle cx=\"6\" cy=\"6\" r=\"6\" fill=\"#FF5F56\" stroke=\"#E0443E\" stroke-width=\".5\"><\/circle><circle cx=\"26\" cy=\"6\" r=\"6\" fill=\"#FFBD2E\" stroke=\"#DEA123\" stroke-width=\".5\"><\/circle><circle cx=\"46\" cy=\"6\" r=\"6\" fill=\"#27C93F\" stroke=\"#1AAB29\" stroke-width=\".5\"><\/circle><\/g><\/svg><\/span><span role=\"button\" tabindex=\"0\" style=\"color:#d8dee9ff;display:none\" aria-label=\"Copy\" class=\"code-block-pro-copy-button\"><pre class=\"code-block-pro-copy-button-pre\" aria-hidden=\"true\"><textarea class=\"code-block-pro-copy-button-textarea\" tabindex=\"-1\" aria-hidden=\"true\" readonly>Set-Cookie: sessionid=abc123; HttpOnly; Secure<\/textarea><\/pre><svg xmlns=\"http:\/\/www.w3.org\/2000\/svg\" style=\"width:24px;height:24px\" fill=\"none\" viewBox=\"0 0 24 24\" stroke=\"currentColor\" stroke-width=\"2\"><path class=\"with-check\" stroke-linecap=\"round\" stroke-linejoin=\"round\" d=\"M9 5H7a2 2 0 00-2 2v12a2 2 0 002 2h10a2 2 0 002-2V7a2 2 0 00-2-2h-2M9 5a2 2 0 002 2h2a2 2 0 002-2M9 5a2 2 0 012-2h2a2 2 0 012 2m-6 9l2 2 4-4\"><\/path><path class=\"without-check\" stroke-linecap=\"round\" stroke-linejoin=\"round\" d=\"M9 5H7a2 2 0 00-2 2v12a2 2 0 002 2h10a2 2 0 002-2V7a2 2 0 00-2-2h-2M9 5a2 2 0 002 2h2a2 2 0 002-2M9 5a2 2 0 012-2h2a2 2 0 012 2\"><\/path><\/svg><\/span><pre class=\"shiki nord\" style=\"background-color: #2e3440ff\" tabindex=\"0\"><code><span class=\"line\"><span style=\"color: #D8DEE9FF\">Set<\/span><span style=\"color: #81A1C1\">-<\/span><span style=\"color: #D8DEE9FF\">Cookie<\/span><span style=\"color: #ECEFF4\">:<\/span><span style=\"color: #D8DEE9FF\"> sessionid<\/span><span style=\"color: #81A1C1\">=<\/span><span style=\"color: #D8DEE9FF\">abc123; HttpOnly; Secure<\/span><\/span><\/code><\/pre><\/div>\n\n\n\n<p><strong>The HttpOnly and Secure flags<\/strong> help reduce the risk of attacks via JavaScript or insecure connections.<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Client sends back the Session ID:<\/strong><br>In subsequent requests, the browser automatically includes this cookie in the request header. The server receives the Session ID, matches it with the stored data, and identifies the corresponding user.<\/li>\n\n\n\n<li><strong>Processing logic based on the session:<\/strong><br>Based on the information stored in the session, the server can determine who is making the request, whether they are logged in, what items are in their cart, etc. From there, it returns an appropriate response.<\/li>\n\n\n\n<li><strong>Session termination or destruction:<\/strong><br>When the user logs out, when the session expires (timeout), or when the server explicitly invalidates it, the session is removed from memory.<\/li>\n<\/ul>\n\n\n\n<p>Sessions operate based on a Session ID \u2013 like a \u201ckey\u201d that allows the server to identify the user. If the Session ID is exposed, an attacker can impersonate the legitimate user (known as session hijacking). Therefore, protecting and encrypting the Session ID is an essential part of web security.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">3. Applications of Sessions<\/h2>\n\n\n\n<p>Sessions play a central role in maintaining user state in the inherently \u201cstateless\u201d web environment \u2013 where each request is independent. With sessions, the server can \u201cremember\u201d who the user is and what they are doing throughout their interaction. Below are common and practical applications of sessions in web programming:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Authentication (Login Management):<\/strong><br>After a user successfully logs in, the server creates a session and stores identifying information such as user_id, username, or role. This allows the server to recognize the user in subsequent requests without requiring repeated logins. This is the foundation of most traditional authentication systems.<\/li>\n\n\n\n<li><strong>Shopping Cart:<\/strong><br>In e-commerce websites, sessions temporarily store the list of products selected by the user, even if they have not logged in or completed checkout. As the user continues shopping, the cart persists throughout the session.<\/li>\n\n\n\n<li><strong>Multi-step Forms:<\/strong><br>For long forms or multi-step processes (e.g., service registration or multi-stage checkout), sessions temporarily store data from each step. This ensures that information is not lost when users navigate back and forth between steps.<\/li>\n\n\n\n<li><strong>User Preferences:<\/strong><br>Sessions can store personal settings such as display language, light\/dark mode (theme), font size, or layout preferences. This provides a consistent experience during the user\u2019s visit.<\/li>\n\n\n\n<li><strong>Temporary Rate Limiting:<\/strong><br>Some applications use sessions to count the number of requests from a user within a short period, helping prevent spam or brute-force attacks without involving the main database system.<\/li>\n<\/ul>\n\n\n\n<p><strong>In summary<\/strong>, sessions are a flexible and powerful tool that help developers handle many scenarios requiring \u201ctemporary memory\u201d during user interactions.<\/p>\n\n\n\n<figure class=\"wp-block-image size-full\"><img decoding=\"async\" width=\"1000\" height=\"456\" src=\"https:\/\/kienthucmo.com\/wp-content\/uploads\/session-la-gi.jpg\" alt=\"\u1ee8ng d\u1ee5ng c\u1ee7a Session\" class=\"wp-image-2320\" srcset=\"https:\/\/kienthucmo.com\/wp-content\/uploads\/session-la-gi.jpg 1000w, https:\/\/kienthucmo.com\/wp-content\/uploads\/session-la-gi-300x137.jpg 300w, https:\/\/kienthucmo.com\/wp-content\/uploads\/session-la-gi-768x350.jpg 768w\" sizes=\"(max-width: 1000px) 100vw, 1000px\" \/><\/figure>\n\n\n\n<h2 class=\"wp-block-heading\">4. Session Management and Security<\/h2>\n\n\n\n<p>Sessions store user identity information \u2013 such as user_id, role, or login status \u2013 so if compromised, attackers can gain unauthorized access to accounts or sensitive data. Therefore, proper session management and security are critical in any web application.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">4.1. Common Risks<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Session hijacking:<\/strong><br>This attack occurs when a hacker steals a Session ID (via sniffing, XSS, or tricking users into clicking malicious links) to impersonate a legitimate user. Once they obtain a valid Session ID, the attacker can access the account as if they were the owner.<\/li>\n\n\n\n<li><strong>Session fixation:<\/strong><br>In this attack, the hacker predefines a Session ID and tricks the user into using it (e.g., by sending a link containing the session ID). After the user logs in, the session remains the same \u2013 allowing the attacker to reuse it and gain access.<\/li>\n\n\n\n<li><strong>Insecure session storage:<\/strong><br>Storing sensitive information such as passwords, API tokens, or personal data directly in the session without encryption can lead to data leaks if the system is compromised.<\/li>\n\n\n\n<li><strong>Uncontrolled session lifetime:<\/strong><br>If sessions persist too long or are not invalidated upon logout, attackers can exploit old sessions for unauthorized access.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">4.2. Effective Security Practices<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Always use HTTPS:<\/strong><br>Encrypting all data exchanged between the client and server helps prevent eavesdropping (sniffing) and man-in-the-middle (MITM) attacks.<\/li>\n\n\n\n<li><strong>Set HttpOnly and Secure flags on cookies:<\/strong><br>HttpOnly prevents JavaScript from accessing cookies (mitigating XSS), while Secure ensures cookies are only transmitted over HTTPS connections.<\/li>\n\n\n\n<li><strong>Regenerate Session ID after login:<\/strong><br>After successful authentication, the server should generate a new Session ID and invalidate the old one to prevent session fixation attacks.<\/li>\n\n\n\n<li><strong>Set appropriate expiration time:<\/strong><br>Sessions should typically expire after 15\u201330 minutes of inactivity. If a \u201cRemember me\u201d feature is needed, use a separate token with strong protection.<\/li>\n\n\n\n<li><strong>Avoid storing sensitive data directly:<\/strong><br>Only store reference IDs (e.g., user_id). Detailed data should be retrieved from the database when needed. If storage is unavoidable, encrypt the data.<\/li>\n\n\n\n<li><strong>Validate IP or User-Agent:<\/strong><br>Some systems compare IP addresses and User-Agent strings to detect abnormal behavior. However, note that IPs may change in mobile networks or via ISPs.<\/li>\n\n\n\n<li><strong>Use secure storage mechanisms:<\/strong><br>Store sessions in Redis, databases with TTL (Time-To-Live), or protected storage systems. Never store them in publicly accessible directories.<\/li>\n\n\n\n<li><strong>Limit session size:<\/strong><br>Avoid storing large amounts of data in sessions, as it increases security risks and negatively impacts system performance.<\/li>\n<\/ul>\n\n\n\n<p><strong>In summary<\/strong>, securing sessions is not just about protecting a single mechanism, but about safeguarding the entire user authentication and interaction process.<\/p>\n\n\n<div class=\"wp-block-image\">\n<figure class=\"aligncenter size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"612\" height=\"408\" src=\"https:\/\/kienthucmo.com\/wp-content\/uploads\/session-quan-trong-nhu-the-nao.jpg\" alt=\" Qu\u1ea3n l\u00fd v\u00e0 b\u1ea3o m\u1eadt Session\" class=\"wp-image-2321\" srcset=\"https:\/\/kienthucmo.com\/wp-content\/uploads\/session-quan-trong-nhu-the-nao.jpg 612w, https:\/\/kienthucmo.com\/wp-content\/uploads\/session-quan-trong-nhu-the-nao-300x200.jpg 300w\" sizes=\"(max-width: 612px) 100vw, 612px\" \/><figcaption class=\"wp-element-caption\">Session<\/figcaption><\/figure>\n<\/div>\n\n\n<h2 class=\"wp-block-heading\">5. Session vs. Cookie: When to Use Each?<\/h2>\n\n\n\n<p>In web programming, both sessions and cookies help store user-related information, but they operate at different levels: one on the server side and the other on the client side. To better understand, consider the comparison below:<\/p>\n\n\n\n<figure class=\"wp-block-table\"><table class=\"has-fixed-layout\"><thead><tr><th><strong>Criteria<\/strong><\/th><th><strong>Session<\/strong><\/th><th><strong>Cookie<\/strong><\/th><\/tr><\/thead><tbody><tr><td><strong>Storage location<\/strong><\/td><td>Stored on the <strong>server<\/strong><\/td><td>Stored in the <strong>browser (client)<\/strong><\/td><\/tr><tr><td><strong>Main components<\/strong><\/td><td>Includes <strong>Session ID<\/strong> and user data (session data)<\/td><td><strong>Key\u2013value<\/strong> data, e.g. <code>theme=dark<\/code><\/td><\/tr><tr><td><strong>How it works<\/strong><\/td><td>The server creates a Session ID and sends it to the client (usually via cookies). Each subsequent request sends the ID back to retrieve data from the server<\/td><td>The browser automatically sends cookies with every request to the same domain<\/td><\/tr><tr><td><strong>Lifetime<\/strong><\/td><td>Temporary (expires or is removed upon logout)<\/td><td>Can be temporary or persistent if <code>Expires<\/code> \/ <code>Max-Age<\/code> is set<\/td><\/tr><tr><td><strong>Security<\/strong><\/td><td>Higher, as data is stored on the server<\/td><td>Lower, as it can be modified or read if not properly secured<\/td><\/tr><tr><td><strong>Storage limit<\/strong><\/td><td>No strict limit (depends on the server)<\/td><td>About <strong>4KB per cookie<\/strong><\/td><\/tr><tr><td><strong>Use cases<\/strong><\/td><td>Authentication, shopping carts, multi-step forms<\/td><td>Storing language, theme, user preferences<\/td><\/tr><tr><td><strong>Common risks<\/strong><\/td><td>Session hijacking, session fixation<\/td><td>Cookie theft, XSS, data manipulation<\/td><\/tr><tr><td><strong>When to use<\/strong><\/td><td>When storing sensitive data or maintaining session state<\/td><td>When storing lightweight, non-critical data or data that needs to persist longer<\/td><\/tr><\/tbody><\/table><\/figure>\n\n\n\n<p>Sessions and cookies are two essential mechanisms that help web applications \u201cremember\u201d users during interactions, but each serves a distinct role:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Sessions<\/strong> are particularly suitable for data that requires security or is tied to the user\u2019s session state \u2013 such as login information, access permissions, or temporary data in a shopping cart. Since the data is stored on the server, users cannot modify or tamper with it, which enhances security. Additionally, sessions exist only for a limited period, reducing the risk of data exposure when users leave the application.<\/li>\n\n\n\n<li><strong>Cookies<\/strong>, on the other hand, are more suitable for lightweight, less sensitive information that needs to persist over time, such as preferred interface settings (dark\/light mode), language, or \u201cremember me\u201d login states. Cookies allow the browser to automatically restore the user\u2019s experience on subsequent visits, creating a seamless and convenient interaction.<\/li>\n\n\n\n<li><strong>Combining both<\/strong> is the most common approach in modern web applications. Typically, cookies are used only to store the Session ID (or authentication token), while all actual data is securely stored in sessions on the server side. This approach ensures both security and a smooth user experience.<\/li>\n<\/ul>\n\n\n\n<p><strong>In short<\/strong>, cookies act as the \u201ckey,\u201d while sessions are the \u201cdoor\u201d that holds the information. When used together correctly, they form a web system that is both convenient and secure.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">6. Conclusion<\/h2>\n\n\n\n<p>Sessions are a fundamental component that enables web applications to \u201cremember\u201d users throughout their interactions, ensuring a smooth and seamless experience. A solid understanding of how sessions work, their differences from cookies, and the application of proper security practices will help systems operate more reliably and securely.<\/p>\n\n\n\n<p>For applications with features such as authentication, shopping carts, or multi-step forms, sessions act as a bridge that maintains user state across the entire process. Designing session management correctly from the beginning not only minimizes security risks but also provides a strong foundation for scalability, optimization, and the long-term development of the entire web system.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">7. References<\/h2>\n\n\n\n<p>[1] D. Gourley, B. Totty, M. Sayer, A. Reddy, and H. Fry, <em>HTTP: The Definitive Guide<\/em>. O\u2019Reilly Media, 2002.<br>[2] A. Barth, \u201cHTTP State Management Mechanism,\u201d RFC 6265, Internet Engineering Task Force (IETF), Apr. 2011.<br>[3] Mozilla Developer Network, \u201cSessions and State Management in HTTP,\u201d MDN Web Docs, 2024.<br>[4] R. Fielding et al., \u201cHypertext Transfer Protocol \u2013 HTTP\/1.1,\u201d RFC 2616, Internet Engineering Task Force (IETF), Jun. 1999.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Sessions were introduced as a solution to maintain state during a user\u2019s interaction with a website. Thanks to sessions, the system can \u201cremember\u201d who is logged in, what items they have added to their shopping cart, or which step they are on in a multi-step form.<\/p>\n","protected":false},"author":1,"featured_media":3593,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"googlesitekit_rrm_CAowieHDDA:productID":"","footnotes":""},"categories":[50,57,49],"tags":[],"class_list":["post-3594","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-information-technology","category-information-security","category-software-engineering"],"_links":{"self":[{"href":"https:\/\/kienthucmo.com\/en\/wp-json\/wp\/v2\/posts\/3594","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/kienthucmo.com\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/kienthucmo.com\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/kienthucmo.com\/en\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/kienthucmo.com\/en\/wp-json\/wp\/v2\/comments?post=3594"}],"version-history":[{"count":5,"href":"https:\/\/kienthucmo.com\/en\/wp-json\/wp\/v2\/posts\/3594\/revisions"}],"predecessor-version":[{"id":3603,"href":"https:\/\/kienthucmo.com\/en\/wp-json\/wp\/v2\/posts\/3594\/revisions\/3603"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/kienthucmo.com\/en\/wp-json\/wp\/v2\/media\/3593"}],"wp:attachment":[{"href":"https:\/\/kienthucmo.com\/en\/wp-json\/wp\/v2\/media?parent=3594"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/kienthucmo.com\/en\/wp-json\/wp\/v2\/categories?post=3594"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/kienthucmo.com\/en\/wp-json\/wp\/v2\/tags?post=3594"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}