Test the session management process

The session management process covers a wide range of user controls from authentication to leaving the application. HTTP is a stateless protocol, which means that web servers respond to client requests without establishing a continuous connection to it. Therefore, even a simple application requires the user to send multiple requests before a session is associated with it. This is most often done through an appropriate identification token, referred to as a session ID or cookie. Examine how the application manages the session and whether there is a possibility of a disorder of the process. The image below shows a POST request to the application server for user authentication.

POST request to the application server for user authentication

In the next figure, you can see the server response that sets the USER's ASPXUSERWU token to serve as the session ID.

server response that sets an ASPXUSERWU token for the user to serve as the session ID

Each subsequent request to the server is sent with a predetermined session token as shown in the graphic below.

request to the server is sent together with a predetermined session token

Chcesz wiedzieć więcej?

Zapisz się i bądź informowany o nowych postach.

Nigdy nie podam, nie wymienię ani nie sprzedam Twojego adresu e-mail. W każdej chwili możesz zrezygnować z subskrypcji.

Bookmark the permalink.

Podziel się swoją opinią na temat artykułu