SuperTokens for Webware

What is SuperTokens? SuperTokens is the most secure solution for user session management - enabling robust prevention and detection of attacks. We mitigate against all types of attacks (XSS, MITM, session fixation, CSRF etc) and are the only ones that we know of to scalably implement detection of auth token theft (as per the official OAuth 2.0 specifications in RFC 6819). We have solved the scalability, race conditions and failure issues usually associated with this. Fitbit tried to implement theft detection in 2016 but was unable to do so. Many companies build their own session management solution - which can take weeks to months (depending on developer experience and robustness of their solution). Ours can be rapidly integrated with in a few days.

What is user session management? Services (eg: Facebook, Netflix, slack etc) store authentication tokens (identifying information) on the user's device which enables the user to access the service without the need to login repeatedly. Session management is the system through which these tokens are created, stored, changed and destroyed. Digital services (eg: Facebook, slack etc) store authentication tokens on the user's device - enabling the user to access the service without needing to use their login credentials on every API request. Session management is the system through which these tokens are created, stored and validated.

What's the problem? A stolen token can provide significant access to a user's account and these tokens are far more susceptible to theft than passwords (they have a much higher frequency of transit and are stored on the frontend). Session management is incredibly important and several notable hacks have occurred as a result of token theft (Docker Hub ~200k accounts compromised, Facebook 50-90M accounts compromised). Many companies implement a very basic session management flow due to the pressure of product timelines with security becoming a low order priority.