Session management is tricky. Obviously, caching user credentials is unsafe. Modern websites employ a variety of techniques, most often assigning active sessions a unique identifier, which is called a token. Besides this single and basic strategy, it is necessary to implement additional checks to maximize safety.
The strength of computer security is often based on the mathemagic of random numbers.
Tokens should be randomly generated, or forgery should be too easy.
The Moonpig bug is an example of how a company’s neglect of security standards led to three million customer accounts being compromised.
Notice that our online presence is interconnected. An unimportant online account could leak the information necessary to hack your Google or iCloud accounts…
The principles of security research extend beyond cyber/computer security. Your social security number is probably vulnerable to this flaw…
Let’s Talk! demonstrates this vulnerability.