16 lines
No EOL
581 B
Markdown
# Strong vs weak sessions

A **strong** session is one that should have the power to do account-level admin tasks, such as changing the password.

A **weak** session has strictly fewer privileges than a strong session.

## where to get a strong session

A strong session is created when a user provides a username and a password. A session remains strong until it is refreshed, at which point it becomes weak.

## where to get a weak session

A weak session is any session that has not been directly created by user credentials, i.e.:

* short-term session refresh
* long-term session refresh
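
The model above as an added example, not code from this project: a password login yields a strong session, any refresh yields a weak one, and a strong-only action is refused on a weak session. The privilege names other than changing the password, the function names, the `verify` callback and the token rotation on refresh are assumptions made for illustration.

```python
import secrets
from dataclasses import dataclass
from enum import Enum


class Strength(Enum):
    STRONG = "strong"
    WEAK = "weak"


# Hypothetical privilege sets; the page names only "change password" as strong-only.
WEAK_PRIVS = frozenset({"read_profile", "read_data"})
STRONG_PRIVS = WEAK_PRIVS | {"change_password"}
assert WEAK_PRIVS < STRONG_PRIVS  # weak must be a strict subset of strong


class StepUpRequired(Exception):
    """Raised when a weak session attempts a strong-only action."""


@dataclass(frozen=True)
class Session:
    user: str
    strength: Strength
    token: str

    def privileges(self):
        return STRONG_PRIVS if self.strength is Strength.STRONG else WEAK_PRIVS


def login(user, password, verify):
    """Only a successful username/password check creates a strong session."""
    if not verify(user, password):
        raise PermissionError("bad credentials")
    return Session(user, Strength.STRONG, secrets.token_urlsafe(32))


def refresh(session):
    """Short-term or long-term refresh: the result is always weak.
    Issuing a new token here is an assumption, not stated on the page."""
    return Session(session.user, Strength.WEAK, secrets.token_urlsafe(32))


def authorize(session, action):
    """Allow the action only if the session's privilege set contains it."""
    if action not in session.privileges():
        raise StepUpRequired(f"{action} needs a strong session; re-enter password")
    return True
```

Because `refresh` never returns a strong session, the only way back to account-level admin tasks is through `login` with the password.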