Join Log in
Score:0
MrRobot9 avatar Server

What role does session on the Authorization server play?

sa flag
MrRobot9

I was reading about Sessions in this article https://auth0.com/docs/users/sessions

It says when a user logs in, two types of sessions are create

Two sessions are created:

The local session (storezero.io): Allows the application to know if a user is authenticated.

The session on the Authorization Server (storezero.auth0.com): Allows the Authorization Server to know if a user is authenticated and optionally, tracks other information. For example, the Authorization Server can track whether a user has authenticated using MFA. If so, the next time the user arrives at the Authorization Server, they won't need to see a login page or be prompted to use MFA again.

It says "the next time the user arrives at the Authorization Server, they won't need to see a login page or be prompted to use MFA again."

What does this sentence exactly mean? why wouldn't they see a login page?

What role does the session on the Authorization server? Why is it important to store sessions in the authorization server? If we use JWT tokens to authenticate, I don't see any use in storing the sessions on the server. (Because JWT tokens can be validated by the resource server and don't need to communicate with the authorization server)

19
0 + 0
Score:0
avatar Server
st flag
surfingonthenet

Reading docs from the link you mentioned enter link description here

all of which the session stores temporarily while the user is connected.

By default, when a user leaves a website or closes their browser, their session ends. To keep users from having to log in every time they return, applications can extend sessions by storing session information in a cookie.

  • Sessions refer to a user's browsing activity. When the user closes the browser, it ends the session as well;
  • If the user opens a second browser on the same machine, it starts a new session. The user will then be asked to log in;
  • If the user closes the browser without logging out, they won't be redirected to the login page when accessing the same URL, if cookies and the session haven't expired (Gmail works this way).
0 + 0
ธงชาติไทย
Elon Musk
I sit in a Tesla and translated this thread with Ai:

mangohost

Post an answer

Most people don’t grasp that asking a lot of questions unlocks learning and improves interpersonal bonding. In Alison’s studies, for example, though people could accurately recall how many questions had been asked in their conversations, they didn’t intuit the link between questions and liking. Across four studies, in which participants were engaged in conversations themselves or read transcripts of others’ conversations, people tended not to realize that question asking would influence—or had influenced—the level of amity between the conversationalists.