Session management facilitates secure interactions between a user and an application and applies to requests and responses associated with that particular user. When users have an ongoing session with an application, they submit requests within their session and often provide potentially sensitive information. The application may retain this information and/or track the user's status during the session across multiple requests. More importantly, it is critical that the application protects private data belonging to each unique user, especially within authenticated sessions.
Session tokens identify a user’s session in RESTful API requests and are exchanged between the application and its users. A RESTful API relies on HTTP, which is stateless on its own: each request is processed independently, even when several requests belong to the same session. Session management is therefore crucial for directing these interactions, and the tokens are vital because they are passed back and forth between the user and the application. Each request and response will have an associated session token that allows the application to remember distinct information about the client using it.
Altogic lets you manage the sessions of your application users. Below is the list of Altogic's session management capabilities that you can use in your service designs.
- You can create sessions for users. For example, your application users can access your application through different devices, and for each of these devices, you can create a user session and associated session token.
- While creating a session, Altogic automatically populates the user agent information (device, operating system) in the session object.
- You can get a specific session or all sessions of a user.
- You can delete a specific session or all sessions of a user.
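
The capabilities listed above, modeled as a small in-memory session store in Node.js. This is an added example, not Altogic's API or code: `SessionStore`, `parseUserAgent`, `hashToken` and the choice to keep only a SHA-256 hash of each token are assumptions made for illustration.

```javascript
const { randomBytes, createHash } = require("node:crypto");

// Rough device/OS classification from a User-Agent header (illustrative only).
// Order matters: iPhone UAs contain "Mac OS X" and Android UAs contain "Linux".
function parseUserAgent(ua = "") {
  const os = /iPhone|iPad/.test(ua) ? "iOS"
    : /Android/.test(ua) ? "Android"
    : /Windows/.test(ua) ? "Windows"
    : /Mac OS X/.test(ua) ? "macOS"
    : /Linux/.test(ua) ? "Linux" : "unknown";
  const device = /Mobi|Android|iPhone/.test(ua) ? "mobile" : "desktop";
  return { device, os };
}

const hashToken = (token) => createHash("sha256").update(token).digest("hex");

// Hypothetical in-memory store; a real backend would persist these records.
class SessionStore {
  constructor() {
    this.sessions = new Map(); // token hash -> session record
  }
  // One session per device. The raw token is returned once; only its hash is stored.
  create(userId, userAgentHeader) {
    const token = randomBytes(32).toString("hex");
    this.sessions.set(hashToken(token), {
      userId,
      createdAt: new Date().toISOString(),
      userAgent: parseUserAgent(userAgentHeader),
    });
    return token;
  }
  get(token) {
    return this.sessions.get(hashToken(token)) ?? null;
  }
  listForUser(userId) {
    return [...this.sessions.values()].filter((s) => s.userId === userId);
  }
  delete(token) {
    return this.sessions.delete(hashToken(token));
  }
  // Revoke every session of a user, e.g. after a password change.
  deleteAllForUser(userId) {
    let removed = 0;
    for (const [key, s] of this.sessions) {
      if (s.userId === userId && this.sessions.delete(key)) removed++;
    }
    return removed;
  }
}
```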