database connection and sessions in an example of social media

Question

I am referring to MS SQL connection and sessions. I know that each application should make a connection in order to access the database, and each connection can have multiple sessions. In case of a social media website where there are multiple users each with its own security credentials; does every user have to make a connection to all the databases that the user needs, and for different actions, like deleting a post or uploading a picture, make corresponding sessions? Or is this terminology for an application not a user? I am new to this terminology and sorry for possible misunderstandings.

Thanks for your time.

Answer 1

Authentication and authorization for public site users is typically done in the application layer. Database access is then done by application services using service credentials for the database connection rather than end-user credentials. The application service serves requests for many end-user sessions (not to be confused with database connections/sessions). This sort of n-tier architecture greatly improves scalability.

In cases where MARS (multiple active result sets) is used, a single database connection may be used to interleave query execution. The same connection credentials are used for each session. Note that MARS is used for specialized data access needs. Typically, there is a one-to-one relationship of client application database connections and sessions.

Connection pooling also is very important for scalability. Pooling avoids the overhead of establishing physical network connection and authorization after the initial connection is made. When a query is executed on a reused pooled connection, the session is reset automatically without an additional round trip. This is why polling is used by default with many SQL Server Client APIs.