NAIMMCQ
Programming
A server needs to verify client session validity on every request. What would be your choice of architecture for such validation?
A server needs to verify client session validity on every request. What would be your choice of architecture for such validation?
A server needs to verify client session validity on every request. What would be your choice of architecture for such validation?
- Since there is a network connection between the client and the server, no session validation is necessary.
- Every request from the client includes a token issued by the server. The server keeps tokens for all active sessions in server memory. A session is valid if the server finds the token in the list of active tokens.
- Every request from the client includes a token issued by the server. The server keeps tokens for all active sessions in the database. A session is valid if the server finds the token after querying the database.
- Every request from the client includes a token issued earlier by the server. The token is encrypted by server, and contains an expiration date. A session is valid if the server finds that the token has not expired at the moment of validation.