Session Management: Difference between revisions
From Rice Wiki
[[Category:Cybersecurity]]
'''Session management''' is one of two crucial steps of implementing digital identity (the other being [[Authentication]]). It is the process by which the server maintains the state of the user's authentication so that they may continue to use the system without re-authenticating.
= Session Binding =
Upon successful authentication, a ''session'' is created and bound to the client. A '''session identifier''' (session ID) name-value pair is randomly generated and assigned.
Generally, we use '''cookies''' to store session IDs because they support advanced token properties such as expiration and usage constraints.
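The binding described above, as an added illustration that is not part of the original wiki page: a server-side store that issues a random session ID once authentication has succeeded, a Set-Cookie value carrying the expiration and usage constraints mentioned, and the reverse lookup from an incoming Cookie header. The cookie name <code>session_id</code> and the 900-second idle timeout are assumed values.

```python
import secrets
import time
from http.cookies import SimpleCookie

COOKIE_NAME = "session_id"   # assumed cookie name
SESSION_TTL = 900            # assumed idle timeout in seconds

class SessionStore:
    """Server-side table mapping an opaque session ID to the bound user."""
    def __init__(self, ttl=SESSION_TTL, now=time.time):
        self._sessions = {}
        self._ttl = ttl
        self._now = now  # injectable clock so expiry can be tested

    def create(self, user_id):
        # Called only after authentication succeeded. 32 CSPRNG bytes:
        # the ID is unguessable and carries no user data itself.
        sid = secrets.token_urlsafe(32)
        self._sessions[sid] = {"user": user_id, "expires": self._now() + self._ttl}
        return sid

    def lookup(self, sid):
        """Return the bound user, or None if the ID is unknown or expired."""
        entry = self._sessions.get(sid)
        if entry is None:
            return None
        if self._now() >= entry["expires"]:
            del self._sessions[sid]  # drop it so the stale ID cannot be reused
            return None
        entry["expires"] = self._now() + self._ttl  # sliding idle timeout
        return entry["user"]

    def destroy(self, sid):
        self._sessions.pop(sid, None)  # logout: invalidate server-side

def set_cookie_value(sid, ttl=SESSION_TTL):
    """Set-Cookie header value binding the ID to the client with constraints."""
    c = SimpleCookie()
    c[COOKIE_NAME] = sid
    c[COOKIE_NAME]["httponly"] = True   # hidden from page scripts
    c[COOKIE_NAME]["secure"] = True     # sent only over HTTPS
    c[COOKIE_NAME]["samesite"] = "Strict"
    c[COOKIE_NAME]["max-age"] = ttl     # client-side expiry
    c[COOKIE_NAME]["path"] = "/"
    return c.output(header="").strip()

def user_from_cookie_header(store, cookie_header):
    """Resolve an incoming Cookie header back to the bound user (or None)."""
    morsel = SimpleCookie(cookie_header).get(COOKIE_NAME)
    return store.lookup(morsel.value) if morsel else None
```

The server-side expiry in <code>lookup</code> is the authoritative one; <code>Max-Age</code> only tells a well-behaved browser when to stop sending the cookie.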
= Sources =
* https://owasp.org/www-project-proactive-controls/v3/en/c6-digital-identity
* https://pages.nist.gov/800-63-3/sp800-63b.html#sec7
* https://cheatsheetseries.owasp.org/cheatsheets/Session_Management_Cheat_Sheet.html
Latest revision as of 03:35, 8 March 2024