Introduction
When the information managed by an application is not meant to be public, a mechanism is required to verify that a user is allowed to see certain data; this is called authentication. The most common authentication method in web applications nowadays is the use of a username or identifier and a secret password combination.
HTTP is a stateless protocol, which means it treats all requests as unique and doesn't have a way of relating two as belonging to the same user, so the application also requires a way of distinguishing requests from different users and allowing them to perform tasks that may require a series of requests performed by the same user and multiple users connected at the same time. This is called session management ...
Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.
Read now
Unlock full access