Abstract
A user’s interaction with an application over a period of time is known as a session. Upon authenticating to an application, a user expects to navigate through the application and perform various transactions during their session without having to authenticate every time they do something. In order to make this possible, an application needs a way to track that a user has been authenticated. Data about whether, when, and how a user has authenticated may be tracked by an application along with other information it maintains during a user’s session. Sessions and session state may be handled differently for web applications, single-page applications, and applications that run natively on a device, such as mobile applications. In this chapter, we’ll describe where sessions exist, session expiration, and renewing sessions.
Notes
- 1.
- 2. The “OAuth 2.0 Security Best Current Practice” document specifies refresh token rotation and sender-constrained refresh tokens as two mechanisms for this. https://tools.ietf.org/html/draft-ietf-oauth-security-topics-13#section-4.12
Copyright information
© 2019 Yvonne Wilson, Abhishek Hingnikar
About this chapter
Cite this chapter
Wilson, Y., Hingnikar, A. (2019). Sessions. In: Solving Identity Management in Modern Applications. Apress, Berkeley, CA. https://doi.org/10.1007/978-1-4842-5095-2_10
DOI: https://doi.org/10.1007/978-1-4842-5095-2_10
Publisher Name: Apress, Berkeley, CA
Print ISBN: 978-1-4842-5094-5
Online ISBN: 978-1-4842-5095-2
eBook Packages: Professional and Applied Computing, Professional and Applied Computing (R0), Apress Access Books