A web session is a sequence of HTTP request and response transactions associated
with the same user. Modern, complex web applications need to retain information
or status about each user across multiple requests. Sessions therefore provide the
ability to establish variables, such as access rights and localization settings, that apply to
every interaction the user has with the web application for the duration of the session.
Session ID Properties
Session ID Name Fingerprinting
Session ID Length (128-bit minimum)
Session ID Entropy (64char)
Session ID Content (or Value)
Cookies
The session ID exchange mechanism based on cookies provides multiple security features in the
form of cookie attributes that can be used to protect the exchange of the session ID.
Secure Attribute
HttpOnly Attribute
SameSite Attribute
Domain and Path Attributes
Expire and Max-Age Attributes
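The following is an added example, not part of the original document: it issues a session cookie with a 128-bit random ID and audits a `Set-Cookie` header against the properties and attributes listed above. The cookie name `id`, the hex encoding of the ID, the function names and the sample header are assumptions made for illustration.

```python
import secrets

# Default framework names that disclose the server technology (name fingerprinting).
DEFAULT_NAMES = {"phpsessid", "jsessionid", "asp.net_sessionid", "cfid", "cftoken"}

# Constructed sample of a weak header, for illustration only.
WEAK_SAMPLE = "PHPSESSID=abc123; Domain=example.com; Max-Age=86400"

def new_session_cookie(name="id", max_age=None):
    """Build a Set-Cookie value carrying a 128-bit CSPRNG session ID."""
    sid = secrets.token_hex(16)  # 16 random bytes = 128 bits, as 32 hex chars
    attrs = [f"{name}={sid}", "Path=/", "Secure", "HttpOnly", "SameSite=Strict"]
    if max_age is not None:
        attrs.append(f"Max-Age={max_age}")
    return "; ".join(attrs)

def audit_set_cookie(header):
    """Return a list of findings for one Set-Cookie header value."""
    parts = [p.strip() for p in header.split(";") if p.strip()]
    name, _, value = parts[0].partition("=")
    attrs = {}
    for part in parts[1:]:
        key, _, val = part.partition("=")
        attrs[key.strip().lower()] = val.strip()
    findings = []
    if name.lower() in DEFAULT_NAMES:
        findings.append("name reveals framework")
    try:  # assumption: the ID is hex-encoded, so 2 chars per byte
        bits = len(bytes.fromhex(value)) * 8
        if bits < 128:
            findings.append(f"ID is only {bits} bits")
    except ValueError:
        findings.append("ID is not hex; length not checked")
    if "secure" not in attrs:
        findings.append("missing Secure")
    if "httponly" not in attrs:
        findings.append("missing HttpOnly")
    if attrs.get("samesite", "").lower() not in ("strict", "lax"):
        findings.append("SameSite is not Strict or Lax")
    if "domain" in attrs:
        findings.append("Domain set: cookie is also sent to subdomains")
    if "expires" in attrs or "max-age" in attrs:
        findings.append("persistent cookie: stored beyond the browser session")
    return findings
```

Calling `audit_set_cookie(WEAK_SAMPLE)` reports every issue at once, while a cookie from `new_session_cookie()` produces no findings.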
Web Workers
Use Case
Session Expiration
Automatic Session Expiration
Idle Timeout
Absolute Timeout
Renewal Timeout