From the course: Programming Foundations: Secure Coding


Session management issues

- Session management vulnerabilities are associated with web-application-based client-server systems. Let's take a look at the vulnerabilities and mitigations in this context. To understand session management issues, first let's look at how HTTP works. HTTP is a stateless protocol, which means there is no user data or other information stored between requests in the web server. In a pure stateless HTTP system, each and every request is independent of every other request, even if it's the same user with the same browser in the same browsing session. Some developers feel the need to maintain some sort of state for the user, leading to the creation of the session. The session is usually initiated by some event on the website. Authentication is usually that event that starts the session and generates the unique token. The server shares that token with the client through a cookie. Now every subsequent request from the…
