V1.3 Session Management Architecture - Section Text Proposal

[ryarmst]

Simplified proposal for V1.3 section text:

Session management mechanisms provide applications the capability to correlate user and device interactions over time even using otherwise stateless communication protocols. Modern applications may utilize multiple session identifiers or tokens with distinct characteristics and purpose. There is no single pattern that suits all applications. As such, session management systems must be designed with consideration for the relevant strengths and weaknesses in conjunction with the expected use cases of the application and intended level of security assurance. A secure session management system is one that optimally prevents attackers from obtaining, utilizing, or otherwise abusing a victim's session.

[jmanico]

Very solid text, thank you!

[tghosth]

Session management mechanisms give applications the ability to correlate user and device interactions over time, even when using otherwise stateless communication protocols. Modern applications may utilize multiple session identifiers or tokens with distinct characteristics and purpose. There is no single pattern that suits all applications.

As such, session management systems must be designed with consideration for the relevant strengths and weaknesses in conjunction with the expected use cases of the application and intended level of security assurance. A secure session management system is one that optimally prevents attackers from obtaining, utilizing, or otherwise abusing a victim's session.

I made minor changes but otherwise looks good :)