#sessionmanagement — Public Fediverse posts

It would be handy if @matrix apps made all sessions ephemeral, until they're verified. So if I just want to test a client, I don't need to manually delete the session after I log out.

Also, auto-logout of unverified sessions after a certain amount of time (user-defined?) without verification being accepted (or started) from a verified session. After a "please verify" warning.

This would make session management simpler, and easier to do efficiently.

#chat #matrix #SessionManagement

Protection against user session attacks (hijack, replay, tampering, CSRF, XSS...)

https://security.stackexchange.com/questions/268882/protection-against-user-session-attacks-hijack-replay-tampering-csrf-xss

#sessionmanagement #attackprevention #sessionfixation #maninthemiddle

Logout is just clearing cookies

https://security.stackexchange.com/questions/268651/logout-is-just-clearing-cookies

#sessionmanagement #cookies

Using JWTs for internal service authentication

https://security.stackexchange.com/questions/267340/using-jwts-for-internal-service-authentication

#sessionmanagement #jwt

REST API authorization

https://security.stackexchange.com/questions/267202/rest-api-authorization

#sessionmanagement #authorization #rest #api #jwt

Storing user's session?

https://security.stackexchange.com/questions/267133/storing-users-session

#sessionmanagement

#linuxtablet #linuxaudio The #pipewire documentation seems to indicate that the pro audio concept of inter-app audio #sessionmanagement is outside of the scope of the project, and recommends #nsm, the New Session Manager (that currently stands as the reigning JACK session manager) as the session manager for pro audio in the post-JACK server world. As far as pipewire is concerned, all jack apps should work, but my interest is with understanding and supporting the new technology and standards.