A Brief Introduction to User Sessions and Authentication

Learn about different user authentication strategies and session management methods in detail.

When talking about user authentication, we refer to the process that identifies a specific user, letting them read, write, update, or delete any protected content, depending on their authorization level.

A typical example could be a simple blogging system: we can publish, edit, or even delete content only after authenticating ourselves.
There are many different authentication strategies, but the most common are:

  • Credentials-based authentication: This method allows us to log in to a system using personal credentials, commonly an email address and a password.

  • Social login: We can log in to a system using our social accounts (Facebook, Twitter, LinkedIn).

  • Passwordless login: In recent years, this has become a pretty popular authentication method. Platforms such as Medium and Slack will send us what’s called a magic link (a special web link that allows the user to log in without entering a password) to our email address, letting us enter our account without typing any password.

  • Single sign-on (SSO): Services such as Okta provide a way of using a single set of credentials for many different services, centralizing user authentication in their own service. Once we log in to an SSO system, it will redirect us to the desired website, confirming our identity.

But once we log in to a system, we want it to remember us, so we don’t have to authenticate ourselves on every page change during our navigation. This is where session management kicks in.

Again, there are many ways to manage user sessions. If we’re familiar with PHP, we may know that it provides a built-in method for controlling the user session. Let’s look at the following code snippet:
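
As an added example (not the original page's snippet), here is PHP's built-in session handling used for a credentials-based login with hardened cookie settings. The `find_user` helper, the sample account, and the `email`/`password` form field names are assumptions made for illustration.

```php
<?php
// Added example. The in-memory account below is constructed for the demo;
// a real application would look the user up in a database.
function find_user(string $email): ?array
{
    static $users = null;
    if ($users === null) {
        $users = ['alice@example.com' => [
            'id'   => 1,
            'hash' => password_hash('correct horse battery', PASSWORD_DEFAULT),
        ]];
    }
    return $users[$email] ?? null;
}

function start_secure_session(): void
{
    ini_set('session.use_strict_mode', '1'); // refuse session IDs the server did not issue
    session_set_cookie_params([
        'lifetime' => 0,      // cookie disappears when the browser closes
        'path'     => '/',
        'secure'   => true,   // sent over HTTPS only
        'httponly' => true,   // not readable from JavaScript
        'samesite' => 'Lax',  // withheld on most cross-site requests
    ]);
    session_start();          // reads or sets the session cookie (PHPSESSID by default)
}

function login(string $email, string $password): bool
{
    $user = find_user($email);
    if ($user === null || !password_verify($password, $user['hash'])) {
        return false;
    }
    session_regenerate_id(true);        // fresh ID after login blocks session fixation
    $_SESSION['user_id'] = $user['id']; // stored server-side, never in the cookie
    return true;
}

start_secure_session();
$email    = $_POST['email'] ?? '';
$password = $_POST['password'] ?? '';
if (is_string($email) && is_string($password) && $email !== '') {
    login($email, $password);
}
echo isset($_SESSION['user_id'])
    ? 'Logged in as user ' . $_SESSION['user_id']
    : 'Not logged in';
```

The browser only ever holds the opaque session ID; the `user_id` value lives in PHP's server-side session storage and is looked up from that ID on each request.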
