Session Management

HTTP and Session Management

Session Management Methods

There are three widely used methods for maintaining sessions in web applications. They are all not safe.

    URL Querystring
    Hidden Form Field
         Cookie Attributes (RFC 2965)          Cookie Maintenance

Session Management Approaches: Client-side vs. Server-side

Session management can be broadly classified into client-side and server-side, based on the contents of the session token passed between the client and and server and withins the applications.

    Client-side Session Management
    Server-side session management

    Session information is stored on the server and passed between pages.

Session Attacks