You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: articles/container-apps/sessions.md
+5-5Lines changed: 5 additions & 5 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -77,14 +77,14 @@ For code interpreter sessions, you can also use an integration with an [LLM fram
77
77
78
78
##### Protecting session identifiers
79
79
80
-
The session identifier is critical and sensitive information that must be securely created and managed. It's important to secure your application to ensure each user or tenant only has access to their own sessions.
80
+
The session identifier is sensitive information which requires a secure process as you create and manage its value. To protect this value, your application must ensure each user or tenant only has access to their own sessions.
81
81
82
-
The specific strategies to prevent misuse of session identifiers differ depending on the design and architecture of your app. However, your app must always have complete control over the creation and use of session identifiers so that a malicious user can't access another user's session.
82
+
The specific strategies that prevent misuse of session identifiers differ depending on the design and architecture of your app. However, your app must always have complete control over the creation and use of session identifiers so that a malicious user can't access another user's session.
83
83
84
-
Some example strategies include:
84
+
Example strategies include:
85
85
86
-
* If your app uses one session per user, each user must be securely authenticated and your app must use a session identifier that is unique to the corresponding logged in user.
87
-
* If your app uses one session per AI agent conversation, ensure your app uses a session identifier that is unique to each conversation and can't be modified by the end user.
86
+
***One session per user**: If your app uses one session per user, each user must be securely authenticated, and your app must use a unique session identifier for each logged in user.
87
+
***One session per agent conversation**: If your app uses one session per AI agent conversation, ensure your app uses a unique session identifier for each conversation that can't be modified by the end user.
88
88
89
89
> [!IMPORTANT]
90
90
> Failure to secure access to sessions may result in misuse or unauthorized access to data stored in your users' sessions.
0 commit comments