Once a user successfully completes the login process, the CyberStore application creates a unique session tied to that user. The session tracks various details about the user and their interaction with CyberStore. That session then holds the key to validating a user’s authorization status for use by the connected sites.

Session Tokens as Means for Authorization

To track a single user to a unique login in a specific browsing session, CyberStore assigns a session token to it. The session token can then be shared with the connected application that initiated the login to validate a user and their request.

The session token is sent to the requesting client application by appending it to the query string of the return URL specified in the original login redirection. The developer can write code to capture the session token and store it within the active session of their own application to use whenever they need to verify the user’s request.