FusionAuth supports two approaches to application session management: centralized session management and application managed sessions. Each has their strengths and weaknesses. For an in-depth look at session management using FusionAuth, check out the Logout And Session Management guide which dives into these approaches in much more detail.
In this post, you’ll look at centralized session management and application managed sessions and learn about their strengths and weaknesses.
But first, let’s talk about what a session is. A user session refers to the period during which a user interacts with a web application, mobile application or website.
Sessions often contain useful data about a user to allow an application to provide functionality, but they also allow a web server, which communicates using the stateless HTTP protocol, to correlate multiple requests into a user interaction.
If the answer is “yes”, then you want centralized session management. If the answer is “no”, then application managed sessions will work for you. Let’s dig into these options a bit more.