Session Management
Session management is the set of techniques a web application uses to track a user's state — such as being logged in — across multiple HTTP requests, since HTTP itself is stateless.
15 resources across 3 libraries
Glossary Terms(4)
OAuth
OAuth is an open standard authorization protocol that lets a user grant a third-party application limited access to their resources on another service, without…
JSON Web Token (JWT)
A JSON Web Token (JWT) is a compact, URL-safe, digitally signed token format used to represent claims — such as a user's identity or permissions — that can be…
Session Management
Session management is the set of techniques a web application uses to track a user's state — such as being logged in — across multiple HTTP requests, since HTT…
CORS
CORS (Cross-Origin Resource Sharing) is a browser security mechanism that controls whether a web page running on one origin is allowed to make requests to a se…
Cheat Sheets(1)
Interview Questions(10)
What is a Daemon Process?
A daemon process is a long-running background process, detached from any controlling terminal, that starts (often at boot) and keeps running indefinitely to pr…
How Do Cookies Work Over HTTP?
A cookie is a small piece of state a server asks a browser to store via the `Set-Cookie` response header, which the browser then automatically re-attaches on t…
How to Design a Shopping Cart Service
A shopping cart service stores per-user line items in a fast, durable key-value store keyed by cart ID, merges anonymous and logged-in carts on login, revalida…
How Do You Manage User Sessions Across Multiple Servers?
Distributed session management means ensuring a logged-in user’s session data is available no matter which of many stateless application servers handles their…
What Are the Secure and HttpOnly Cookie Attributes?
The Secure attribute tells the browser to send a cookie only over HTTPS connections, and the HttpOnly attribute tells the browser to hide the cookie from JavaS…
What Is the SameSite Cookie Attribute and How Does It Prevent CSRF?
SameSite is a cookie attribute that tells the browser whether to include the cookie on requests originating from a different site than the one that set it, and…
What Is a Session Fixation Attack and How Do You Prevent It?
Session fixation is an attack where an attacker sets or predicts a victim’s session identifier before login and then, once the victim authenticates using that…
What Are the Main API Authentication Methods?
The most common API authentication methods are API keys for simple service-to-service identification, HTTP Basic Auth for quick but weak username/password chec…
What Is Refresh Token Rotation?
Refresh token rotation is a security pattern where every time a refresh token is used to obtain a new access token, the server also issues a brand-new refresh…
What is Statelessness in Microservices and Why Does it Matter?
Statelessness means a microservice instance keeps no client-specific session data in its own memory or local disk between requests, so any instance can handle…