Session management: Difference between revisions

From Computer Science Wiki
(Created page with "<center> <blockquote style="padding: 5px; background-color: #FFF8DC; border: solid thin gray;"> File:Exclamation.png This is student work which has not yet been approve...")
 
 
(7 intermediate revisions by the same user not shown)
Line 9: Line 9:
== Introduction ==
== Introduction ==


Please write a clear, concise description of your topic here.You will likely reference your introduction from somewhere else. Please use the following syntax at the end of each of your ideas. '''IT IS CRITICAL YOU ATTRIBUTE''' others work. Your introduction should be factual. No more than 3 or 4 sentences, please. Because you are not an expert in your topic, I expect you to triangulate your information. LOTS OF LINK TO OTHER RESOURCES PLEASE! If you do not use a section, please delete it. Your finished page should only have information which explains your topic.  
is the process of securing multiple requests to a service from the same user or entity. In many cases, a session is initialized by authenticating a user or entity with factors such as a password. Once the user is authenticated, subsequent requests authenticate the session as opposed to the user themselves.


<nowiki>
== How does it work or a deeper look ==
<ref>the url I cited by material from</ref>
</nowiki>


== How does it work or a deeper look ==
Session Id: Users prove they own a session by submitting authentication parameters with each request that typically include a session id and other factors such as a nonce. Session ids are designed to be long and random such that it is infeasible to guess them.
 
Transport: Session management is essentially a process of providing secrets to authenticated users such as a session id and having them pass it back to you. As such, cryptographically secure network communications are required to implement secure session management.
 
Cookies:The security of clients is a concern for session management. In the case of a web browser, session ids may be stored in secure cookies. In some cases, browsers can be tricked into giving up their session credentials with attacks such as DNS spoofing. As such, consideration of cookie security is within the scope of session management.
 
Session Expiry: Sessions are designed to be temporary objects that expire. Their life is typically extended with each new request with a maximum age that can't be exceeded.
 
Session Resources:Session management may be targeted by denial of service attacks that flood services with requests to create new sessions. As such, session management is ideally resource light.


* If you are discussing a THING YOU CAN TOUCH, you must explain how it works, and the parts it is made of. Google around for an "exploded technical diagram" of your thing, [http://cdiok.com/wp-content/uploads/2012/01/MRI-Technology.jpg maybe like this example of an MRI]  It is likely you will reference outside links. Please attribute your work.
Detecting Anomalies:Session management may include features to detect anomalies such as brute force guesses of session ids or denial of service attacks.In some cases, session management may prevent users from creating multiple sessions from the same IP. For practical reasons of usability, this may be allowed up to some limit.
* If you are discussing a PROCESS OR ABSTRACT CONCEPT (like [[fuzzy logic]]) you must deeply explain how it works.


== Examples ==  
== Examples ==  
Line 30: Line 35:
# [https://www.mediawiki.org/wiki/Help:Managing_files upload a file]
# [https://www.mediawiki.org/wiki/Help:Managing_files upload a file]
# [https://www.mediawiki.org/wiki/Help:Images use the file on a wiki page]
# [https://www.mediawiki.org/wiki/Help:Images use the file on a wiki page]
== External links ==
* It would be helpful
* to include many links
* to other internet resources
* to help fellow students
* Please make sure the content is good
* and don't link to a google search results, please


== References ==
== References ==


<references />
<references />
https://www.veracode.com/security/session-management
https://simplicable.com/new/session-management


[[Category:2019 case study]]
[[Category:2019 case study]]
[[Category:Student created article]]
[[Category:Student created article]]

Latest revision as of 10:36, 9 August 2018

Exclamation.png This is student work which has not yet been approved as correct by the instructor

Case study notes[1]

Introduction[edit]

is the process of securing multiple requests to a service from the same user or entity. In many cases, a session is initialized by authenticating a user or entity with factors such as a password. Once the user is authenticated, subsequent requests authenticate the session as opposed to the user themselves.

How does it work or a deeper look[edit]

Session Id: Users prove they own a session by submitting authentication parameters with each request that typically include a session id and other factors such as a nonce. Session ids are designed to be long and random such that it is infeasible to guess them.

Transport: Session management is essentially a process of providing secrets to authenticated users such as a session id and having them pass it back to you. As such, cryptographically secure network communications are required to implement secure session management.

Cookies:The security of clients is a concern for session management. In the case of a web browser, session ids may be stored in secure cookies. In some cases, browsers can be tricked into giving up their session credentials with attacks such as DNS spoofing. As such, consideration of cookie security is within the scope of session management.

Session Expiry: Sessions are designed to be temporary objects that expire. Their life is typically extended with each new request with a maximum age that can't be exceeded.

Session Resources:Session management may be targeted by denial of service attacks that flood services with requests to create new sessions. As such, session management is ideally resource light.

Detecting Anomalies:Session management may include features to detect anomalies such as brute force guesses of session ids or denial of service attacks.In some cases, session management may prevent users from creating multiple sessions from the same IP. For practical reasons of usability, this may be allowed up to some limit.

Examples[edit]

Please include some example of how your concept is actually used. Your example must include WHERE it is used, and WHAT IS BENEFIT of it being used.

Pictures, diagrams[edit]

Pictures and diagrams go a LONG way to helping someone understand a topic. Especially if your topic is a little abstract or complex. Using a picture or diagram is a two part process:

  1. upload a file
  2. use the file on a wiki page

References[edit]

https://www.veracode.com/security/session-management

https://simplicable.com/new/session-management