A financial services company is experiencing issues with their web application where users are complaining that they have to re-authenticate multiple times during their workflow. The security team wants to implement a solution that maintains security while improving the user experience. Which session management approach would be MOST appropriate?
Storing user credentials in browser cookies for automatic re-authentication
Implementing session tokens with longer timeout values
Using IP address tracking to maintain user sessions
Implementing session tokens that are valid until the user logs out
The correct answer is implementing session tokens with appropriate timeout values. Session tokens provide a secure way to maintain a user's authenticated state across multiple requests without requiring re-authentication for each interaction. By setting appropriate timeout values (neither too short nor too long), the organization balances security with usability.
The other options have significant issues:
Long-lasting sessions with extended expiration would create a security vulnerability by maintaining authentication for excessive periods
Storing credentials in browser cookies would expose authentication information in an insecure manner
IP-based session tracking is problematic because many users might share the same IP address (especially with NAT) or a legitimate user's IP might change during a session (mobile users)
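To make the "appropriate timeout" idea concrete, here is an added example (not from the question bank or any product): a small server-side session store that issues opaque random tokens, slides an idle timeout on each request so an active user is not re-prompted mid-workflow, and enforces an absolute lifetime that activity cannot extend. The timeout values and the cookie attributes are assumptions chosen for illustration.

```python
import secrets
import time
from dataclasses import dataclass


@dataclass
class Session:
    user: str
    created: float     # absolute start of the session (never moves)
    last_seen: float   # last request that presented this token (slides)


class SessionStore:
    """In-memory store: idle timeout slides per request, absolute cap does not.
    Assumed defaults: 15 min idle, 8 h absolute; clock is injectable for tests."""

    def __init__(self, idle_timeout=15 * 60, absolute_timeout=8 * 3600, clock=time.time):
        self.idle_timeout = idle_timeout
        self.absolute_timeout = absolute_timeout
        self.clock = clock
        self._sessions = {}

    def create(self, user):
        # 256-bit random, opaque token: no credentials or user data inside it
        token = secrets.token_urlsafe(32)
        now = self.clock()
        self._sessions[token] = Session(user, created=now, last_seen=now)
        return token

    def validate(self, token):
        """Return the user for a live token, else None (and drop dead tokens)."""
        s = self._sessions.get(token)
        if s is None:
            return None
        now = self.clock()
        if now - s.created > self.absolute_timeout or now - s.last_seen > self.idle_timeout:
            self._sessions.pop(token, None)   # expired: revoke server-side
            return None
        s.last_seen = now                      # activity refreshes only the idle window
        return s.user

    def logout(self, token):
        self._sessions.pop(token, None)


def cookie_header(token):
    """Set-Cookie value carrying only the opaque token, with hardening flags."""
    return f"session={token}; HttpOnly; Secure; SameSite=Strict; Path=/"
```

Because expiry is decided server-side, a token can also be revoked immediately at logout, which a long-lived or credential-bearing cookie cannot offer.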
ISC2 CISSP
Identity and Access Management (IAM)