



Security Session


Classification Key: Core Security, Information Disclosure

Problem

Many web-based transactions require the user to browse through multiple web pages. Normally the user logs in at the start of the transaction and then follows a sequence of pages. Different components acting on behalf of the user might need to know which user is activating them and what that user's permissions are. Having every individual component or program within the system identify, authenticate and authorize users is annoying to both users and developers. In addition, system components might call each other or work together, and thus need a way to share information about the user without exposing this 'global' data to other users. How can user data be shared between components?

Solution

Create a session object that holds all of the variables that need to be shared by many objects. Associate every action of the user with the session. The session is created after the user authenticates and is kept on the server; each request carries only a session identifier, so components look the user and permissions up in the session instead of authenticating again. Because the identifier is the only thing tying a request to a user, it must be unguessable by other users, and the session should be invalidated on logout and after a period of inactivity so the shared data does not outlive the user.
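The pattern in working form, as an added example that is not code from the catalog or the book it cites. It shows a server-side session store, components that consult the session for the user's identity and permissions rather than authenticating themselves, and the identifier travelling in an HTTP cookie (the known use listed below). All names (SessionStore, view_orders, approve_refund, handle_request) and the permission strings are illustrative assumptions; the idle timeout of 15 minutes is a typical value, not one the page specifies.

```python
"""Security Session: one server-side session object shared by components
through an unguessable identifier carried in an HTTP cookie.
Added example; all names and values here are illustrative assumptions."""
import secrets
import time
from dataclasses import dataclass, field

SESSION_COOKIE = "SESSIONID"
IDLE_TIMEOUT = 15 * 60  # seconds of inactivity before a session is dropped (assumed value)


@dataclass
class Session:
    """The shared object: everything components need to know about the user."""
    user: str
    permissions: frozenset
    last_seen: float
    attributes: dict = field(default_factory=dict)  # other per-user state


class SessionStore:
    """Holds all sessions server-side; the client only ever sees the ID."""

    def __init__(self, clock=time.time):
        self._clock = clock  # injectable so expiry can be exercised without waiting
        self._sessions = {}

    def create(self, user, permissions):
        # 256 random bits from the OS CSPRNG: the ID is the only secret tying a
        # request to a user, so guessing another user's ID must be infeasible.
        sid = secrets.token_urlsafe(32)
        self._sessions[sid] = Session(user, frozenset(permissions), self._clock())
        return sid

    def get(self, sid):
        """Return the live session for sid, or None if unknown or idle-expired."""
        session = self._sessions.get(sid)
        if session is None:
            return None
        now = self._clock()
        if now - session.last_seen > IDLE_TIMEOUT:
            del self._sessions[sid]  # stale: drop it rather than revive it
            return None
        session.last_seen = now
        return session

    def destroy(self, sid):
        """Logout: the identifier stops resolving immediately."""
        self._sessions.pop(sid, None)


def set_cookie_header(sid):
    """Secure keeps the ID off plaintext HTTP; HttpOnly keeps it from page scripts."""
    return f"{SESSION_COOKIE}={sid}; Path=/; Secure; HttpOnly; SameSite=Lax"


def parse_cookies(header):
    """Minimal Cookie: header parser ('a=1; SESSIONID=...')."""
    cookies = {}
    for part in (header or "").split(";"):
        name, sep, value = part.strip().partition("=")
        if sep:
            cookies[name] = value
    return cookies


# Components: none of them authenticates; each reads the session it is handed.
def view_orders(session):
    if "orders:read" not in session.permissions:
        return 403, "forbidden"
    return 200, f"orders for {session.user}"


def approve_refund(session):
    if "refunds:approve" not in session.permissions:
        return 403, "forbidden"
    return 200, f"refund approved by {session.user}"


def handle_request(store, component, cookie_header):
    """Single entry point: resolve the cookie to a session, then dispatch."""
    sid = parse_cookies(cookie_header).get(SESSION_COOKIE)
    session = store.get(sid) if sid else None
    if session is None:
        return 401, "login required"
    return component(session)


if __name__ == "__main__":
    store = SessionStore()
    sid = store.create("alice", {"orders:read"})  # issued after authentication
    cookie = f"{SESSION_COOKIE}={sid}"
    print(set_cookie_header(sid))
    print(handle_request(store, view_orders, cookie))      # (200, 'orders for alice')
    print(handle_request(store, approve_refund, cookie))   # (403, 'forbidden')
    print(handle_request(store, view_orders, "SESSIONID=guess"))  # (401, 'login required')
    store.destroy(sid)
    print(handle_request(store, view_orders, cookie))      # (401, 'login required')
```

The point to notice is that view_orders and approve_refund never see a password or a user database: identity and permissions arrive through the session object, and a forged, expired or logged-out identifier simply fails to resolve at the single entry point.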

Known Uses

Session cookies in the HTTP protocol: the cookie carries the session identifier, and the session data itself stays on the server.

Related Patterns

Single Sign On, Policy Enforcement Point, Integration Reverse Proxy, Front Door

Source

Wiley Book

Tags

Single Sign On, Session



Last modified: May 05, 2012

Conceived and Maintained by: Munawar Hafiz