Questions tagged [session]

104 questions
26 votes, 5 answers

Why can't we use IP address instead of cookies in identifying the client in servlets?

I know we have some extra advantages in using the cookies over IP address, but my question is Why can't the container just remember the IP address of the client in identifying the client when he visits his site again? Is it possible for the container…
JAVA
20 votes, 1 answer

Why do popular websites store very complicated session-related data in cookies -- and what does it all mean?

As web developers, we all learn that sessions help overcome the problems related to the stateless nature of HTTP. We create a unique session id, and send it to the browser -- and when the browser sends the same id back to us, we identify the user…
treecoder
18 votes, 6 answers

HTTP Session or Database approach

I am confused a little as what should be my approach. Working on a design of shopping cart and I need to store shopping cart either in session or in database but not sure which approach would be best. Here are the use case User is not logged in and…
Umesh Awasthi
12 votes, 2 answers

cookie vs. session vs jwt

I am reading up on authentication/authorization in web applications. Could anybody confirm/correct my current knowledge? Cookies: in their early version, a text file with a unique client Id and all the other information needed about the client (e.…
user3629892
12 votes, 4 answers

User session timeout handling in SaaS apps - discussing several approaches

I know this has a great chance of being marked as duplicate, but couldn't find exactly what I'm looking for. This is a common problem and I'm sure it has some well defined best practice solution. Background: A single page SaaS app, has lots of drag…
Eran Medan
12 votes, 4 answers

Why can't WARs share session info?

I have seen several developers looking for a solution for this problem: accessing session information from a different WAR (even when inside the same EAR) - here are some samples: Any way to share session state between different applications in…
rvcoutinho
10 votes, 7 answers

What is the most reliable session storage in PHP: Memcache, database or files?

What is the best and safest way to handle PHP sessions. Is the best way to store sessions in: Database (more reliable, but high bottleneck, slow speed, not good for high database usage websites)? Memcache (super fast, but distributed more…
user1179459
8 votes, 3 answers

Authentication via tokens

I'm relatively new to jwt.io and authentication and I'm using JWT.io in the following manner. Server Side: Once user logs in, I generate a token with userid embedded inside and pass it back to the user in the message body. Client Side: Browser/JS I'm…
user2727195
8 votes, 1 answer

RESTful API with session tokens.. ehh?

After looking at a lot of session/state debates with regard to REST and finding nothing concrete, I'm just going to cut to the chase and ask myself. Developing a RESTful API as a backend for a mobile app, I (think I) want to keep track of all users…
Zoon
8 votes, 3 answers

Best solution to authorize that a user is only allowed to modify/act with their own resources in a REST API

Background: Currently in the process of building out a REST API, using node w/express and it is consumed by a mobile app and eventually a (modern browser based) website. I'm trying to identify the best way to authorize a user's update/action request…
Ashtonian
8 votes, 4 answers

How to store Role Based Access rights in web application?

Currently working on a web based CRM type system that deals with various Modules such as Companies, Contacts, Projects, Sub Projects, etc. A typical CRM type system (asp.net web form, C#, SQL Server backend). We plan to implement role based…
JonH
7 votes, 1 answer

Session in RESTful web services, how it works?

In a web service, how does the server know which request belongs to which session? I know that for a web application, the web server inspects the cookie (or the sessionId query parameter in case cookies are disabled) so it knows which session the…
dnang
6 votes, 2 answers

How to handle a large amount of authenticated clients

I currently have made a multithreaded server in C++ for Windows, where each connected client gets a thread to themselves which stays running until the client's socket is closed. When a client connects, they can run commands (fetch motd, get current…
6 votes, 1 answer

Best practices for using HTTP sessions (Java)

My Question is not about how to use HTTP session or how values are being used in session. Question is more oriented about approach. In my current application there are few values being stored in the Session and we require those values every now and…
Umesh Awasthi
6 votes, 2 answers

Are session aware Models a bad thing?

I'm thinking specifically in Rails here, but I suspect this is a wider question. In a Rails web application I'm using data from the session in models in order that the models know who is logged in. I use this in a method which filters out some data…
kevtufc