Web Security by Hanqing Wu, Liz Zhao

Chapter 9

Authentication and Session Management

Authentication is the easiest way to ensure security. If a system has no authentication, anyone would judge it to be insecure. The most common form of authentication is a username and a password, but there are other means of authentication as well. This chapter introduces some common means of web authentication, as well as some related security issues.

9.1 Who Am I?

Often, people, even security engineers, confuse authentication with authorization and vice versa. In fact, the two concepts are easy to distinguish: authentication recognizes who the user is, and authorization decides what the user can do.

Figuratively speaking, assume ...