Netcrook

WIKICROOK

Session Management

The process of creating, tracking, and ending a user’s authenticated web session.

Session management is the process of creating, tracking, and ending an authenticated web session after a user logs in. In practice, the server issues a session identifier or token so it can recognize the user on later requests without asking for a password every time.

It matters because a valid session often grants the same access as the user account itself. Attackers target weak session management through cookie theft, session fixation, token prediction, or failure to expire sessions after logout or password changes. In customer web shops and other public portals, poor session handling can expose profiles, orders, and personal data even when the underlying system is not broadly compromised. Defenders reduce risk by using secure, random session IDs, HTTPS, short lifetimes, rotation after login, server-side invalidation, and strong logout and idle-time controls.
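The server-side controls listed above (unpredictable IDs, rotation after login, expiry, invalidation on logout and password change, cookie flags) in one small store. This is an added example, not code from Netcrook or any named product; the 15-minute idle and 8-hour absolute lifetimes, the `sid` cookie name and the injectable clock are assumptions made for illustration.

```python
import secrets
import time
from dataclasses import dataclass
from typing import Callable, Dict, Optional

IDLE_TIMEOUT = 15 * 60       # assumed policy: 15 min without a request ends the session
ABSOLUTE_TIMEOUT = 8 * 3600  # assumed policy: hard cap even for a continuously active user
@dataclass
class Session:
    user_id: Optional[str]   # None while the visitor has not logged in yet
    created: float
    last_seen: float

class SessionStore:
    """Server-side store: the browser holds only an opaque random ID, never user data."""
    def __init__(self, clock: Callable[[], float] = time.time):
        self._clock = clock  # injectable clock so expiry can be exercised in tests
        self._sessions: Dict[str, Session] = {}
    def create(self, user_id: Optional[str]) -> str:
        sid = secrets.token_urlsafe(32)  # OS CSPRNG, not a counter or timestamp: unpredictable
        now = self._clock()
        self._sessions[sid] = Session(user_id, now, now)
        return sid
    def login(self, pre_auth_sid: str, user_id: str) -> str:
        """Rotate on login: discard the pre-authentication ID, so a fixed one becomes useless."""
        self._sessions.pop(pre_auth_sid, None)
        return self.create(user_id)
    def resolve(self, sid: str) -> Optional[str]:
        """Return the user bound to sid, or None if unknown, idle too long, or too old."""
        sess = self._sessions.get(sid)
        if sess is None:
            return None
        now = self._clock()
        if now - sess.last_seen > IDLE_TIMEOUT or now - sess.created > ABSOLUTE_TIMEOUT:
            del self._sessions[sid]  # expire server-side; a cookie Expires attribute is not enforcement
            return None
        sess.last_seen = now
        return sess.user_id
    def logout(self, sid: str) -> None:
        self._sessions.pop(sid, None)  # invalidate server-side; clearing the browser cookie is not enough
    def invalidate_user(self, user_id: str) -> int:
        """Password change: end every session of the user, not only the one making the request."""
        stale = [s for s, v in self._sessions.items() if v.user_id == user_id]
        for s in stale:
            del self._sessions[s]
        return len(stale)

def set_cookie_header(sid: str) -> str:
    # Secure: HTTPS only; HttpOnly: not readable by page script; SameSite: limits cross-site sending
    return f"sid={sid}; Path=/; Secure; HttpOnly; SameSite=Lax"
```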