DZone Security Zone
What follows is a two-part series on session management — inspired by extensive conversations with over 70 developers and our own intensive research. We will explore different session management practices, identify issues, and converge on a solution to these issues. Through it all, I hope to leave you with clarity on deciding how to manage user sessions (and auth tokens) for your application. In 20 minutes, we summarize all the important information it took us hundreds of hours to obtain and document.
This article will introduce session management, analyze commonly used session flaws, and demonstrate best practices. Part two will take a look at a new open-source flow that is secure and easy to integrate into existing systems.
Read the original article: