Tag: session-management


Found 228 results for 'session-management'.


1) authentication - Protecting the user from unauthorized access
2) web-application - Why are ASP.NET form authentication cookies deleted only on client side if client side can't be trusted?
3) vulnerability - 2FA/MFA and Session management
4) cookies - Exploiting a potential ASP.NET web app Session Fixation vulnerability
5) xss - Why aren't sessions exclusive to an IP address?
6) web-application - JWT or session cookie for API for both web and mobile app?
7) cookies - Understanding Session Fixation Vulnerability
8) web-application - Supporting deep links in a web application without permitting session theft
9) cookies - How to securely set a cookie on another subdomain?
10) web-application - Sending httpOnly cookie also in HTTP response body
11) webserver - Possible issues when one or more cookie not HttpOnly
12) web-application - Remember me vs. persistent session for web applications
13) encryption - Encryption/decryption at client or server side with hybrid cryptosystem?
14) authentication - How to implement secure user sessions using HttpOnly cookies?
15) web-application - Is ensuring that a random string in a cookie and a header are the same enough to protect against XSRF?
16) man-in-the-middle - Wouldn't transient cookies for session management increase effectiveness of MITM?
17) cookies - How is the session ID sent securely?
18) web-application - Does the ability for a user to choose the value of a session id cookie constitute a security flaw?
19) tls - Can a session be hijacked if the user is redirected from HTTPS to HTTP after login?
20) csrf - Single Page Application session management
21) session-management - How often do companies develop their own session management process?
22) web-application - Is an index, nonce and HMAC good enough for session management?
23) authentication - Is it advisable to tie different capabilities to different session tokens?
24) authentication - Backend Authentication of Mobile App: Session ID vs. OAuth
25) session-management - How often should I reset my users' session cookies?
26) mobile - How do I maintain/check a user session in the backend without having to use tokens?
27) web-application - Avoid hitting DB to authenticate a user on EVERY request in stateless web app architecture?
28) authentication - Security issues with concurrent sessions in iOS app and Safari browser
29) session-management - Is this a session fixation
30) web-application - CSRF cookie vs session based tokens
31) php - Why not write the CSRF Token into the Session
32) web-application - Should I let the client send both the session and the user ID?
33) cookies - How do I store session data on a server securely
34) hash - Can I safely and securely store hash(sessionId) in application logs?
35) php - Session hijacking mitigation
36) penetration-test - How to securely store session values in webapps?
37) php - Are PHP Sessions based on cookies or a cookie-IP pair?
38) web-application - What measures must be taken to securely authenticate from web traffic to a WebSocket connection?
39) session-management - Preventive Measure for detecting Session Fixation attacks
40) tls - What TLS session resumption percentage?
41) csrf - Do I still need a CSRF token?
42) web-application - How secure are PHP sessions?
43) java - Session Fixation - Is that even an issue here?
44) session-management - Why are user names generally not stored in session cookies and provided with session IDs?
45) authentication - Use salt as identifier for crypted session id in database based authentication system for webapp
46) authentication - Is this non-cookie based session scheme horribly vulnerable to some attack?
47) web-application - Session id in custom header
48) web-application - Changing session id after login
49) authentication - Secure login system - using sessions?
50) php - Login system based on SOAP database