#session-management

5d ago · 27 min read · 1 Introduction In this post, the Insecure CAPTCHA vulnerability in the Damn Vulnerable Web Application (DVWA) is described. The objective for attacks on all levels is to bypass the poor CAPTCHA system

Join discussion

WBWiktoria Blomgren Strandbergpentesting-dvwa.hashnode.dev

0

Weak Session IDs in DVWA

Apr 12 · 16 min read · 1 Introduction In this post, the Weak Session IDs vulnerability in the Damn Vulnerable Web Application (DVWA) is described. The objective for attacks on all levels is to work out how the ID is generat

Join discussion

NVNguyễn Việt Tùngdevpath-traveler.nguyenviettung.id.vn

0

Auth at the Boundary: Integrating Feide Identity via the BFF

Apr 12 · 18 min read · A note on the code in this article. The implementation shown here is derived from a production authentication integration built for a Norwegian enterprise education platform using Feide as the identit

Join discussion

JLJeremy Longshorejeremylongshore.hashnode.dev

0

Session Cookie Auth, Forgot-Password Timeouts, and Killing Flaky E2E Tests\n

Mar 25 · 6 min read · The Auth Stack Was Wrong Hustle (hustlestats.io) is a youth soccer statistics platform built on Next.js 15 and Firebase. The auth system worked — until it didn't. Users were getting logged out after one hour despite having a 14-day cookie. The forgot...

Join discussion

NVNguyễn Việt Tùngdevpath-traveler.nguyenviettung.id.vn

0

Designing a Passwordless-First PWA Architecture

Feb 14 · 6 min read · By this point in the series, we’ve established three things: Passwords are structurally fragile. WebAuthn provides phishing-resistant, device-bound authentication. OpenID Connect provides portable, federated identity. Now comes the harder questi...

Join discussion

NVNguyễn Việt Tùngdevpath-traveler.nguyenviettung.id.vn

0

Redis as a Session Store for Scalable Web Architecture

Dec 16, 2025 · 5 min read · Series: Web Authentication Demystified — From Concepts to Real-World In traditional PHP applications, sessions often feel invisible. You enable them, they work, and you move on. But once an application grows beyond a single server—especially when aut...

Join discussion

NVNguyễn Việt Tùngdevpath-traveler.nguyenviettung.id.vn

0

CloudFront Signed Cookies — How They Work and Why We Used Them

Dec 15, 2025 · 6 min read · Series: Web Authentication Demystified — From Concepts to Real-World When people think about authentication, they usually think about logging users into an application. But in real systems—especially those serving large amounts of static content—auth...

Join discussion

NVNguyễn Việt Tùngdevpath-traveler.nguyenviettung.id.vn

0

Implementing an OIDC Callback in PHP/Yii/HumHub (with Code Examples)

Dec 15, 2025 · 6 min read · Series: Web Authentication Demystified — From Concepts to Real-World Integrating an external Identity Provider (IdP) into a PHP/Yii/HumHub application requires careful handling of redirects, token exchange, validation, identity mapping, and session c...

Join discussion

NVNguyễn Việt Tùngdevpath-traveler.nguyenviettung.id.vn

0

Lessons Learned & Practical Advice for Developers from my implemented Web App

Dec 11, 2025 · 6 min read · Series: Web Authentication Demystified — From Concepts to Real-WorldARC 2 — APPLYING THE THEORY: MY REAL IMPLEMENTATIONPrevious: Security Analysis of my implemented Web App Authentication System After exploring authentication from fundamentals to arc...

Join discussion

NVNguyễn Việt Tùngdevpath-traveler.nguyenviettung.id.vn

0

Deep Dive: The User Authentication Flow in my implemented Web App

Dec 10, 2025 · 6 min read · Series: Web Authentication Demystified — From Concepts to Real-WorldARC 2 — APPLYING THE THEORY: MY REAL IMPLEMENTATIONPrevious: Architecture Overview of my implemented Web App Authentication SystemNext: Security Analysis of my implemented Web App Au...

Join discussion

Tag feed

#session-management

Tag feed

#session-management

Trending tags this week

Insecure CAPTCHA in DVWA

Weak Session IDs in DVWA

Auth at the Boundary: Integrating Feide Identity via the BFF

Session Cookie Auth, Forgot-Password Timeouts, and Killing Flaky E2E Tests\n

Designing a Passwordless-First PWA Architecture

Redis as a Session Store for Scalable Web Architecture

CloudFront Signed Cookies — How They Work and Why We Used Them

Implementing an OIDC Callback in PHP/Yii/HumHub (with Code Examples)

Lessons Learned & Practical Advice for Developers from my implemented Web App

Deep Dive: The User Authentication Flow in my implemented Web App

#session-management

Search Hashnode

#session-management

Trending tags this week

Insecure CAPTCHA in DVWA

Weak Session IDs in DVWA

Auth at the Boundary: Integrating Feide Identity via the BFF

Session Cookie Auth, Forgot-Password Timeouts, and Killing Flaky E2E Tests\n

Designing a Passwordless-First PWA Architecture

Redis as a Session Store for Scalable Web Architecture

CloudFront Signed Cookies — How They Work and Why We Used Them

Implementing an OIDC Callback in PHP/Yii/HumHub (with Code Examples)

Lessons Learned & Practical Advice for Developers from my implemented Web App

Deep Dive: The User Authentication Flow in my implemented Web App