Monday, December 11, 2017

Web sessions

The most common way to implement a web session is to store a token, or session ID, in a browser cookie. The server then uses that token to load the session data from a data store. Over the years, a number of best practices have evolved that make cookie-based web sessions reasonably safe. OWASP lists a number of recommendations aimed at reducing common attacks such as session hijacking and session fixation.
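
The cookie-token scheme described above, as an added Go example (not code from this post or from the linked rivo/sessions library): the server issues a random ID, refuses to adopt an ID it did not issue, and re-keys the session on login. The cookie name `id`, the in-memory map and the 30-minute lifetime are assumptions.

```go
package main

import (
	"crypto/rand"
	"encoding/base64"
	"fmt"
	"net/http"
	"sync"
)

var (
	mu       sync.Mutex
	sessions = map[string]map[string]string{} // server-side data; the cookie holds only the ID
)

func newID() string {
	b := make([]byte, 16) // 128 bits from the OS CSPRNG
	if _, err := rand.Read(b); err != nil {
		panic(err) // no safe fallback when the CSPRNG fails
	}
	return base64.RawURLEncoding.EncodeToString(b)
}

// Cookie (name and 30-minute lifetime are assumptions) is HTTPS-only and hidden from scripts.
func Cookie(id string) *http.Cookie {
	return &http.Cookie{Name: "id", Value: id, Path: "/", MaxAge: 1800,
		Secure: true, HttpOnly: true, SameSite: http.SameSiteLaxMode}
}

// Session never adopts an ID the server did not issue; rotate (on login) re-keys it.
func Session(r *http.Request, rotate bool) (string, map[string]string) {
	mu.Lock()
	defer mu.Unlock()
	sess := map[string]string{}
	if c, err := r.Cookie("id"); err == nil && sessions[c.Value] != nil {
		if !rotate {
			return c.Value, sessions[c.Value]
		}
		sess = sessions[c.Value]
		delete(sessions, c.Value)
	}
	id := newID()
	sessions[id] = sess
	return id, sess
}

func main() {
	id, _ := Session(&http.Request{}, false)
	fmt.Println(Cookie(id).String())
}
```

A handler would call `Session` on each request and send `Cookie(id)` with `http.SetCookie` whenever the returned ID differs from the one the browser presented.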

Sticky sessions

https://stackoverflow.com/questions/10494431/sticky-and-non-sticky-sessions/13641836#13641836

References:

https://blog.gopheracademy.com/advent-2017/web-sessions-and-users/

https://en.wikipedia.org/wiki/Session_hijacking

https://en.wikipedia.org/wiki/Session_fixation

https://github.com/rivo/sessions

https://en.wikipedia.org/wiki/HTTP_cookie#Cookie_theft_and_session_hijacking

https://en.wikipedia.org/wiki/Cross-site_request_forgery

https://en.wikipedia.org/wiki/Representational_state_transfer#Stateless

https://en.wikipedia.org/wiki/Source_routing
