Application Security Terminology

Glossary

Session Management

Session management is the rule set that governs interactions between a web-based application and its users. Browsers and websites communicate over HTTP, and a web session is a series of HTTP request and response transactions created by the same user. Because HTTP is a stateless protocol, each request and response pair is independent of every other web interaction, so the server handles each request without any knowledge of the ones before it. To introduce the concept of a session, an application therefore needs session management capabilities that link the authentication and access control (or authorization) modules commonly found in web applications.

There are two types of session management: cookie-based and URL rewriting. They can be used independently or together. A web administrator also uses session management to track how often a website is visited and how users move within the site.
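As an added example (not code from the original page), a minimal server-side, cookie-based session store in Python that shows how a session ties stateless HTTP requests back to the authentication and access control modules described above. The cookie name SESSIONID, the 900-second idle timeout and the step of issuing a fresh ID at login are assumptions of this example, not details from the page.

```python
import secrets
import time
from dataclasses import dataclass, field
from typing import Optional

IDLE_TIMEOUT = 900  # seconds of inactivity before a session is discarded (assumed policy)


@dataclass
class Session:
    user: Optional[str] = None          # None until the authentication module binds an identity
    roles: set = field(default_factory=set)
    last_seen: float = 0.0


class SessionStore:
    """Server-side store: the browser holds only an opaque random ID, never the state itself."""

    def __init__(self, clock=time.monotonic):
        self._sessions = {}
        self._clock = clock  # injectable so expiry can be exercised without waiting

    def create(self) -> str:
        sid = secrets.token_urlsafe(32)  # 256 bits from the OS CSPRNG: not guessable
        self._sessions[sid] = Session(last_seen=self._clock())
        return sid

    def set_cookie_header(self, sid: str) -> str:
        # Secure: sent over HTTPS only; HttpOnly: hidden from script; SameSite: not sent cross-site
        return f"Set-Cookie: SESSIONID={sid}; Path=/; Secure; HttpOnly; SameSite=Strict"

    def lookup(self, sid: str) -> Optional[Session]:
        s = self._sessions.get(sid)
        if s is None:
            return None
        if self._clock() - s.last_seen > IDLE_TIMEOUT:
            del self._sessions[sid]  # idle too long: forget it and treat the request as anonymous
            return None
        s.last_seen = self._clock()
        return s

    def login(self, sid: str, user: str, roles: set) -> str:
        """Authentication module: bind the identity to a fresh ID and retire the pre-login one."""
        self._sessions.pop(sid, None)
        new_sid = self.create()
        self._sessions[new_sid].user, self._sessions[new_sid].roles = user, set(roles)
        return new_sid

    def authorize(self, sid: str, required_role: str) -> bool:
        """Access control module: the stored session supplies what the stateless request lacks."""
        s = self.lookup(sid)
        return s is not None and s.user is not None and required_role in s.roles
```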

Learn about website authentication best practices and session management in Java. Read our article Session Cookie Secure Flag Java.