Session Management
← Back to Cookies and Sessions
Server-side state associated with a client, identified by a session ID stored in a cookie. Session data can be stored in memory (single server), a shared store (Redis, database), or encoded in the cookie itself (JWT). Considerations include expiration, invalidation, and session fixation attacks.