Platform
HYPR Identity Assurance Platform
Complete identity security solution that creates trust in the identity lifecycle

HYPR Authenticate: Passwordless MFA
Phishing-resistant FIDO passkeys-based security

HYPR Adapt: Risk Policy & Orchestration
Comprehensive identity risk engine and adaptive authentication

HYPR Affirm: Identity Verification
Identity proofing and verification built for the enterprise

Key Integrations

Entra ID (Azure)

Okta

Ping

CrowdStrike

Idemia

Yubico

SSH & Linux

ForgeRock

SiteMinder

Citrix

OneLogin

See All Integrations

HYPR Enterprise Passkeys
Integrate proven FIDO2 phishing-resistant passwordless authentication with your IAM environments
Solutions
Industry

Financial Services

Critical Infrastructure

Energy

Retail & Hospitality

Business Initiative

Modernize User Experience
Boost productivity, satisfaction and engagement for workforce and customers

AI Attack Prevention
Thwart generative AI attacks against your business

Workforce Identity Security & KYE
Improve workforce security & Know Your Employee

Deploy Passkeys
Find the right next-gen passkeys for your business

Accelerate Compliance
Meet regulatory requirements without disrupting user experience

Call Center Verification
Improve verification of employees and customers

Zero Trust Authentication
Stop credential-based attacks with a Zero Trust identity approach

The Total Economic Impact™ of HYPR
Forrester Consulting calculates that HYPR customers save millions of dollars, with a 324% ROI
Resources
Resource Center
Learn about IAM security, passkeys and passwordless authentication technology

Customer Stories

Reports and Guides

Passkey Resources

Videos

State of Passwordless Security

See All Resources

Additional Resources

Blog

Definitive Passwordless Guide

Security Encyclopedia

How HYPR Passwordless Works
How HYPR Authenticate passwordless MFA works

Support Center
Support help, setup guides, developer documentation and more

Documentation

API Reference

Knowledge Base

System Status

Get Support

User Guide
Company
About HYPR
HYPR creates trust in the identity lifecycle

Careers

News

Events

Security & Certifications

Contact Us

Partner Program

Become a Partner

State of Passwordless Security Report
The third annual edition investigates top attack vectors, the greatest security gaps, and the impact of passwordless authentication
Pricing
icon-search
Get a Demo

Encyclopedia Stateful Authentication (Session-Based)

Stateful Authentication (Session-Based)

Stateful Authentication is a way to verify users by having the server or backend store much of the session information, such as user properties. It is simpler to implement than Stateless or Token-Based Authentication but it is resource-intensive causing the server to perform lookups for every request.

In stateful authentication, whenever the client sends a request to the server, the server must look up session information such as user properties and match them against its identity provider (IdP). It involves receiving the client’s reference ID and marching it against a considerable amount of stored authentication data that is has on all users.

Stateful authentication is also called session-based authentication or cookie-based authentication for the session information the server must store on the user.

Stateful authentication is straightforward and easy to implement however its drawbacks include a lack of scalability.

Example:

"We're looking into an alternative to stateful authentication because of the toll it takes on our servers. All of these lookups to check cookies on user sessions has our servers running hot, which creates its own problem."

A B C D E F G H I K L M N O P Q R S T U V W Z

Popular Pages

Identity Verification Identity Assurance Rainbow Table Attack Keylogger

Share This Post

New call-to-action