A financial services company is experiencing issues with their web application where users are complaining that they have to re-authenticate multiple times during their workflow. The security team wants to implement a solution that maintains security while improving the user experience. Which session management approach would be MOST appropriate?
Implementing session tokens with longer timeout values
Storing user credentials in browser cookies for automatic re-authentication
Implementing session tokens that are valid until the user logs out
Using IP address tracking to maintain user sessions
The correct answer is implementing session tokens with appropriate timeout values. Session tokens provide a secure way to maintain a user's authenticated state across multiple requests without requiring re-authentication for each interaction. By setting appropriate timeout values (neither too short nor too long), the organization balances security with usability.
The other options have significant issues:
Long-lasting sessions with extended expiration would create a security vulnerability by maintaining authentication for excessive periods.
Storing credentials in browser cookies would expose authentication information in an insecure manner.
IP-based session tracking is problematic because many users might share the same IP address (especially with NAT) or a legitimate user's IP might change during a session (mobile users).
ISC2 CISSP
Identity and Access Management (IAM)