Hi, I'm just doing some research on session management. I talked to my project manager about how we manage user sessions. I'm not sure what she is saying or if she knows much about the issue.
I told her: "Using a third party tool is best practice. Session management is a very difficult and complex issue. Third party tools have been tested and are continually tested and updated while home-made tools may not take into consideration all the possible ways of attacking or its own vulnerabilities due to the way it was created."
Her reply was: "Thanks for the tips on the industry’s best practices. Currently the production environment does not support session servers. We have to work with the client’s existing infrastructure. Please research on what we can do on our own application code, since we have more control over it."
I did a search on session servers and I didn't really find anything except some stuff about mindcraft. Until her comment I had not really heard of a session server. Does having a third party tool mean using a session server??? I'm assuming she knows we have our own built-in session management even though it is not recommended.
Any suggestions? Things I can ask or look for? Currently I don't have access to the code. I'm just doing research. I'm also a novice at this issue. I'm reading articles online in the meantime. I was just wondering IF she was using proper terminology and what to make of her statements.
Thanks!