Questions tagged [session-management]

Use this tag for questions specific to session management in any domain (web, mobile, etc.).

As an introduction to sessions:

Session management is the technique web developers use to make the stateless HTTP protocol support session state, by means of session variables.

For example, once a user has been authenticated to the web server, the user's next HTTP request (GET or POST) should not cause the web server to ask for the user's account and password again.

298 questions
0 votes, 0 answers

How to limit javascript function execution to specific window?

First off, apologies if the title isn't descriptive. What I'm trying to do is logout/expire from a session no matter how many tabs are open. So to explain a bit more in detail, let's say I have all tabs open. After a certain time of inactivity a…
ethikz
0 votes, 1 answer

iPhone App / Web App Session Theory

In PHP, you manage the Session on the server... accessing any of the session properties there on the server alongside your web application. How does this translate to an iPhone App? If I'm connecting to web services (PHP, ColdFusion), where should…
dcolumbus
0 votes, 0 answers

Spring JPA manager : don't flush the Session after an exception occurs

I have simple code where I am adding into the tables, and if one of the table entries fails to add the data into the table, then delete the data from all the tables. Code : @Component public class Operation { ... public void execute(Long…
0 votes, 0 answers

SSL Error even though evaluation for the URL is disabled?

I create a custom manager in my class. I then make all requests using that manager, but I'm still getting an SSL validation error. I thought disabling evaluation would stop me receiving this error. Is something wrong with my custom manager? …
SuperHanz98
0 votes, 1 answer

How should session management be designed?

I'm looking for general advice on how to design a secure session management system. The system I have in place currently follows this design, but it just dawned on me how stupid it is to put all that crap in every URL, especially when you get web…
Jason B
0 votes, 1 answer

How to keep track of whether a user with an access token still has a valid session?

I'm new to OIDC and session management in general, and was wondering what would be recommended way to make sure a user's session is valid after they've already logged in to a site using implicit flow or authorization code flow. For example, let's…
iepure
0 votes, 1 answer

ASP.NET Session limit best practice

We're running a PaaS ASP.NET application in an Azure App Service with 3 instances and managing session data outproc in a SQL Server database. The application is live and we've noticed a large amount of session data for some users when following…
Bruce
0 votes, 1 answer

Logout does not expire session tokens

We recently got our Laravel 5.6 application penetration tested and one of the issues which were flagged was the expiration not being set correctly on Logout. The AuthenticatesUsers trait calls the invalidate method on the session which basically…
0 votes, 0 answers

Microsoft.Web.Redis.RedisSessionStateProvider session management connection string

I am using the configuration setting below for session management on Redis. Now, for security reasons, I need to encrypt the connection string. What is the way to do this? Below is the configuration which I am using in my web config…
शेखर
0 votes, 0 answers

Is changing SessionId causing this error "Viewstate verification failed. Reason: The viewstate supplied failed integrity check."

I built a site that's running on two load-balanced servers (web-farm). After a while I had to do the following: at the login page, when the user enters user-name and pass, if the user is valid then I'm abandoning the session and creating a new one…
B.Simboliq
0 votes, 0 answers

How to use different session id for same user across different django project with same database

I have 2 Django projects running on different domains. Both are using the same database and the same models. One project is in 2.7 and another project is in 3.7. When a user logs in to one domain, it logs the user out of the other domain. I have login…
0 votes, 2 answers

Is there a concept of session management in Winforms applications?

Today I was asked why we cannot implement state management in Winforms applications like we do in web applications, and I did not know the answer. Can someone explain why we cannot, or if we can, explain how it works at a high level?
Developer
0 votes, 1 answer

Session Management in Swing application consistency check

I'm using a Singleton-like class to operate session and make the classes to be referenced easily. I have two classes LockPage and HomePage which are lazily initialized. My Singleton-like class is here: public class Session{ private static LockPage…
Hari Kiran
0 votes, 1 answer

GCP Session Management Options

I'm moving a project to google cloud and I'm looking for some best practices on session management. My current application simply leverages native PHP Sessions on the web server. However, I'll now end up with a H/A architecture for both my web…
Runicode
0 votes, 2 answers

php session variables expire after 30 mins

I have a PHP application running on LAMP. All the form information needs to be stored in the database. When the user does not submit the form for more than 30 min and tries to submit later, the PHP session variables have expired. How can I solve this issue?