Chapter 9

Authentication and Session Management

Authentication is the easiest method for ensuring safety. If there is no authentication in a system, everybody could judge it to be unsafe. The most common form of authentication is protection with a username and a password, but there are other means of authentication as well. We will introduce some common means of web authentication in this chapter, as well as some related safety issues.

9.1 Who Am I?

Often, people—even safety engineers—confuse authentication with authorization and vice versa. In fact, the two concepts can be easily distinguished in the following way: Authentication is to recognize who the user is, and authorization is to decide what the user can do.

Figuratively speaking, assume ...

Get Web Security now with the O’Reilly learning platform.

O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.

Start your free trial

Web Security by Hanqing Wu, Liz Zhao

Authentication and Session Management

9.1 Who Am I?

Don’t leave empty-handed

It’s yours, free.

Check it out now on O’Reilly