.ns { max-width: 760px; margin: 0 auto; padding: 60px 32px; font-family: Inter, sans-serif; color: #f4f4ee; } .ns h1 { font-family: Fraunces, Georgia, serif; font-size: 44px; letter-spacing: -.025em; margin: 16px 0 18px; line-height: 1.08; } .ns h2 { font-family: Fraunces, Georgia, serif; font-size: 26px; letter-spacing: -.015em; margin: 32px 0 12px; } .ns p { font-size: 16px; line-height: 1.7; color: rgba(244,244,238,.8); margin: 0 0 18px; } .ns .meta { font-family: 'JetBrains Mono', monospace; font-size: 11px; letter-spacing: .14em; text-transform: uppercase; color: #c5ff4a; margin-bottom: 8px; } .ns nav a { color: #c5ff4a; text-decoration: none; margin-right: 12px; } .ns nav { font-family: 'JetBrains Mono', monospace; font-size: 11px; letter-spacing: .12em; text-transform: uppercase; padding: 18px 0; border-top: 1px solid rgba(255,255,255,.1); border-bottom: 1px solid rgba(255,255,255,.1); margin: 32px 0; }

Web Application Security · 2024-08-17 · Sneha Iyer

Session Management Flaws: Cookies, JWTs and the Mistakes Around Them

Sessions are the long-term authentication state of an application. Get them wrong and every other defence is moot. The patterns we see, the patterns that work.

The full article renders with JavaScript enabled. The summary above is provided for accessibility and indexing.