Before getting into the second step towards security we should know about session and session management . Session : session is the time interval in which an user interact with your application. Like In simple wording time from login to logout is one session. Session basically use to track user information and state. Why Session why we need session in our application: Actually we use HTTP or HTTPS protocol for communication purpose in web applications. HTTP protocol is a state less protocol that means after generation result for your request it do not know you, second request will be considered as a new user request. It means after generation result application do not have any information regarding previous communication. This is the basic nature of HTTP protocol. So to track all action performed by user in particular time interval session concept introduced. there are following way to track user information:...