Memory is the treasure house of the mind wherein the monuments thereof are kept and preserved.
Chapter 8: Focus on Session Management
In the last chapter we looked at authentication and how to make it difficult for impersonators to steal credentials. This is critical for security, but we’d lose users immediately if they were forced to retype their password every time the application tried to do something. This is why we need sessions.
Think of sessions as pieces of your server’s short-term memory. When you authenticate to the application, the server remembers who you are for a set amount of time. Sessions make the application convenient to use and your users happy, but if you don’t create and manage sessions securely, they’ll ...