Tag: Session hijacking

Are you using JWTs for user sessions in the correct way?

JSON Web Tokens (or JWTs) have become incredibly popular and you’ve likely heard of them before. What you may not have heard is that JWTs were originally designed for use in OAuth – which is fundamentally different to user sessions. While the use of JWTs for OAuth is widely accepted, their use for authenticating users …

The best way to securely manage user sessions

This is part 2 in a two-part series on session management. If the reader understands the general concepts of JWT (JSON web token) and user sessions, then Part 2 can be read without reading Part 1. Part 1: Introduction to session management, analysis of most commonly used session flows, and best practices. Part 2: Analysis …

All you need to know about user session security

What follows is a two-part series on session management — inspired by extensive conversations with over 70 developers and our own intensive research. We will explore different session management practices, identify issues and converge on a solution to these issues. Through it all, I hope to leave you with clarity on deciding how to …
