DEV Community

Tanya Janca for Microsoft Azure


Pushing Left, Like a Boss — Part 5.4 — Session Management

This series, and my blog, have moved!

It is my firm opinion that only the session management features in your framework should be used to manage identity or a user session. HTTP 1.1 was never designed to manage these concepts, so it has no built-in mechanism for them. When you choose a framework, such as .Net, Ruby or Spring, it has built-in features to handle this, and you should always use those features. Don’t be tempted to think you can do better on your own; let the experts handle this for you.

As an ex-dev, I know the temptation to write your own. Trust me, don’t.

Much of the information in this section was learned from the OWASP Cheat Sheet — Session Management, written by Raul Siles. For a much more in-depth look at this topic, check it out.

Below is general guidance on session management. Again, always use the features in your framework, and follow the advice below in addition...

Read the rest of this article on my NEW blog!


Top comments (1)

Tari R. Alfaro

Session IDs should be at least 128 characters long.

Do you mean 128 bits (16 bytes) of entropy?
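The quoted line and the question under it turn on the difference between the length of a session ID in characters and the entropy it carries in bits. As an added example, not code from the article or the comment, the Ruby below (Ruby is chosen because the article names it among the frameworks whose session handling you should rely on) computes the most entropy an ID of a given length and alphabet can carry, the shortest ID that reaches a bit target, and audits a sample of IDs the way you might check cookies issued by your own application. The arithmetic is plain: 128 bits needs 32 hex characters or 22 base64url characters, while 128 hex characters would carry 512 bits. Both sample sets are constructed inline: the strong set comes from Ruby's own SecureRandom, the weak set is a hypothetical six-digit counter standing in for a home-grown scheme.

```ruby
require 'securerandom'

# Upper bound on the entropy (in bits) of a session ID that is `length`
# characters long, each drawn uniformly from `alphabet_size` symbols.
# A generator can deliver less than this (timestamps, counters, weak PRNGs),
# never more, so a figure below the target is a certain failure.
def id_entropy_bits(length, alphabet_size)
  return 0.0 if alphabet_size < 2 || length <= 0
  length * Math.log2(alphabet_size)
end

# Shortest ID, in characters, that can carry `min_bits` with this alphabet.
# hex (16 symbols) -> 32 chars for 128 bits; base64url (64) -> 22 chars.
def min_length_for_bits(min_bits, alphabet_size)
  (min_bits / Math.log2(alphabet_size)).ceil
end

# Audit a sample of IDs: infer the alphabet and length actually in use and
# report the entropy upper bound against a minimum. Collect enough IDs that
# every symbol of the real alphabet appears, otherwise the alphabet (and the
# bound) is underestimated; a few hundred IDs is plenty for hex or base64.
def audit_session_ids(ids, min_bits: 128)
  lengths  = ids.map(&:length).uniq
  alphabet = ids.join.chars.uniq.size
  bits     = id_entropy_bits(lengths.min, alphabet)
  {
    fixed_length: lengths.size == 1,       # variable length is itself a smell
    length: lengths.min,
    alphabet_size: alphabet,
    entropy_upper_bound_bits: bits.round(1),
    meets_minimum: bits >= min_bits
  }
end

# Constructed samples. STRONG_SAMPLE: 16 random bytes from the framework's
# CSPRNG, hex-encoded to 32 characters (128 bits). WEAK_SAMPLE: a hypothetical
# zero-padded six-digit counter, the kind of hand-rolled ID the article warns against.
STRONG_SAMPLE = Array.new(300) { SecureRandom.hex(16) }
WEAK_SAMPLE   = (1..500).map { |i| format('%06d', i) }

if __FILE__ == $PROGRAM_NAME
  p audit_session_ids(STRONG_SAMPLE)
  p audit_session_ids(WEAK_SAMPLE)
  puts "hex chars for 128 bits: #{min_length_for_bits(128, 16)}"
  puts "base64url chars for 128 bits: #{min_length_for_bits(128, 64)}"
end
```

Note that the audit reports an upper bound only: a six-digit counter that happened to be 32 characters long would pass the length test and still be guessable, which is exactly why the article's advice is to take the IDs your framework generates rather than inspecting your own.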
