Session Management in Web Apps

HTTP (the protocol used to deliver web pages) is stateless, which means that each request and response is independent of the others. As a result, websites have no built-in way of tracking who you are as you travel from one page to another. Imagine having to log on again for every page you visit – it’d be a nightmare! This is where session management comes in.

A session is a collection of interactions between a consumer and an application within a given time frame. When done correctly, session management allows for a fluid user experience. Users are able to log in and traverse the site, having all their preferences (such as whether or not dark mode is enabled, their currency, and language) remembered and configured to their liking. When it is done poorly, however, security risks are created, and attackers may be able to do things like hijack users’ accounts and assume their identities.

A recent example of poor session management is a bug that was disclosed by Twitter. Typically, when a user logs out, active logged-in sessions on all devices are destroyed. This way, if a user loses their phone or suspects someone is logged into their account, they can reset the password and their account will be logged out of all devices. The bug in Twitter prevented active logged-in sessions on Android and iOS from being deleted after an account’s password was reset.
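The behaviour described above, as an added sketch that is not code from this post or from Twitter: a server-side session table where a flawed password reset revokes only browser sessions, next to one that revokes every session on every device. The class, method names and device labels ("web", "ios", "android") are constructed for illustration, and the password update itself is omitted.

```python
import hashlib
import secrets
import time

SESSION_TTL = 3600  # assumed idle timeout in seconds


class SessionStore:
    """Server-side session table, kept in memory for the example."""

    def __init__(self):
        self._sessions = {}  # sha256(token) -> {"user", "device", "expires"}

    @staticmethod
    def _key(token):
        # Keep only a hash so a leaked table does not expose live tokens.
        return hashlib.sha256(token.encode()).hexdigest()

    def login(self, user, device, now=None):
        now = time.time() if now is None else now
        token = secrets.token_urlsafe(32)  # unpredictable session identifier
        self._sessions[self._key(token)] = {
            "user": user, "device": device, "expires": now + SESSION_TTL}
        return token

    def validate(self, token, now=None):
        """Return the user for a live session, else None."""
        now = time.time() if now is None else now
        rec = self._sessions.get(self._key(token))
        if rec is None or rec["expires"] <= now:
            self._sessions.pop(self._key(token), None)  # drop expired entry
            return None
        return rec["user"]

    def _revoke(self, user, devices=None):
        # devices=None means every device; returns the number of sessions removed.
        doomed = [k for k, r in self._sessions.items()
                  if r["user"] == user and (devices is None or r["device"] in devices)]
        for k in doomed:
            del self._sessions[k]
        return len(doomed)

    def reset_password_flawed(self, user):
        # Weak: only browser sessions are revoked; mobile sessions stay valid.
        return self._revoke(user, devices={"web"})

    def reset_password(self, user):
        # Correct: a password reset revokes every session on every device.
        return self._revoke(user)
```

A regression test for this class of bug logs the same account in from several device types, resets the password, and asserts that every previously issued token is rejected.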

Session management vulnerabilities can be avoided in the first place by secure coding practices (which can be learned through secure code training), or revealed in things like penetration tests and code reviews. Vertex Cyber Security has helped many clients write good secure code and revealed vulnerabilities such as this in code reviews and penetration tests. If you would like to talk to our cyber security experts, feel free to contact us on 1300 2 CYBER (29237) or .

(c) 2025 Vertex Technologies Pty Ltd.
