Session management (instance security hardening)

  • Release version: Washingtondc
  • Updated February 1, 2024

    Session management helps to properly identify traffic that belongs to a specific user. Take precautions to ensure no abuse of the trust relationship.

    Web applications can create sessions to track anonymous users after the first user request, for example to maintain the user's language preference. Sessions ensure:
    • Identification of the user on any subsequent requests.
    • Application of security access controls.
    • Authorization of access to the user's private data.
    • Increased usability of the application.

    Therefore, current web applications can provide session capabilities both pre- and post-authentication.

    Authentication and Session Management

    Authentication is the process of verifying that an individual, entity, or website is who it claims to be.

    Authentication attempts to verify the digital identity of the sender of a communication. Testing the authentication schema means understanding how the authentication process works, and using that information to circumvent the authentication mechanism. A common example is the login process. Authentication takes place after submission of a user name, user ID, and one or more items of private information that only the user would know.

    Session management includes security-related properties that an administrator can configure to ensure that secure session management mechanisms are established in the ServiceNow AI Platform.