Tag feed

#session-management

45 posts0 followers

Explore Hashnode

Alternatives

Trending tags this week

SKSreeram K Scode-as-a-story.hashnode.devJun 13 · 5 min read

What is CSRF (Cross-Site Request Forgery)?

Story Time Imagine this, you are going to your bank to withdraw money for some need (I know you have banking apps but bear with me here..). The bank employee there informs you that they now have the a

0

VRVISHAL RAYrayvishal.hashnode.devMay 10 · 1 min read

The Modern Guide to Auth: Sessions, JWTs, and Cookies Explained

While building authentication you often confuse in Session, JWTs and cookies . in this blog we explore everything from screteh.

0

WBWiktoria Blomgren Strandbergpentesting-dvwa.hashnode.devApr 18 · 27 min read

Insecure CAPTCHA in DVWA

1 Introduction In this post, the Insecure CAPTCHA vulnerability in the Damn Vulnerable Web Application (DVWA) is described. The objective for attacks on all levels is to bypass the poor CAPTCHA system

0

WBWiktoria Blomgren Strandbergpentesting-dvwa.hashnode.devApr 12 · 16 min read

Weak Session IDs in DVWA

1 Introduction In this post, the Weak Session IDs vulnerability in the Damn Vulnerable Web Application (DVWA) is described. The objective for attacks on all levels is to work out how the ID is generat

0

NVNguyễn Việt Tùngdevpath-traveler.nguyenviettung.id.vnApr 12 · 18 min read

Auth at the Boundary: Integrating Feide Identity via the BFF

A note on the code in this article. The implementation shown here is derived from a production authentication integration built for a Norwegian enterprise education platform using Feide as the identit

0

JLJeremy Longshorejeremylongshore.hashnode.devMar 25 · 6 min read

Session Cookie Auth, Forgot-Password Timeouts, and Killing Flaky E2E Tests\n

The Auth Stack Was Wrong Hustle (hustlestats.io) is a youth soccer statistics platform built on Next.js 15 and Firebase. The auth system worked — until it didn't. Users were getting logged out after one hour despite having a 14-day cookie. The forgot...

0

NVNguyễn Việt Tùngdevpath-traveler.nguyenviettung.id.vnFeb 14 · 6 min read

Designing a Passwordless-First PWA Architecture

By this point in the series, we’ve established three things: Passwords are structurally fragile. WebAuthn provides phishing-resistant, device-bound authentication. OpenID Connect provides portable, federated identity. Now comes the harder questi...

0

NVNguyễn Việt Tùngdevpath-traveler.nguyenviettung.id.vnDec 16, 2025 · 5 min read

Redis as a Session Store for Scalable Web Architecture

Series: Web Authentication Demystified — From Concepts to Real-World In traditional PHP applications, sessions often feel invisible. You enable them, they work, and you move on. But once an application grows beyond a single server—especially when aut...

0

NVNguyễn Việt Tùngdevpath-traveler.nguyenviettung.id.vnDec 15, 2025 · 6 min read

CloudFront Signed Cookies — How They Work and Why We Used Them

Series: Web Authentication Demystified — From Concepts to Real-World When people think about authentication, they usually think about logging users into an application. But in real systems—especially those serving large amounts of static content—auth...

0

NVNguyễn Việt Tùngdevpath-traveler.nguyenviettung.id.vnDec 15, 2025 · 6 min read

Implementing an OIDC Callback in PHP/Yii/HumHub (with Code Examples)

Series: Web Authentication Demystified — From Concepts to Real-World Integrating an external Identity Provider (IdP) into a PHP/Yii/HumHub application requires careful handling of redirects, token exchange, validation, identity mapping, and session c...

0

#session-management

Search Hashnode

#session-management

Explore Hashnode

Trending tags this week

What is CSRF (Cross-Site Request Forgery)?

The Modern Guide to Auth: Sessions, JWTs, and Cookies Explained

Insecure CAPTCHA in DVWA

Weak Session IDs in DVWA

Auth at the Boundary: Integrating Feide Identity via the BFF

Session Cookie Auth, Forgot-Password Timeouts, and Killing Flaky E2E Tests\n

Designing a Passwordless-First PWA Architecture

Redis as a Session Store for Scalable Web Architecture

CloudFront Signed Cookies — How They Work and Why We Used Them

Implementing an OIDC Callback in PHP/Yii/HumHub (with Code Examples)