Chapter 2 Gathering Requirements

• Session Management Considerations:

  a. Whether you want in-memory token session management or database token session management (also called Java Database Connectivity [JDBC] token management) depends on the business requirements of the user. JDBC token management is helpful when clustering the BXP application; with in-memory token session management, you need to replicate the session token across the whole clustered environment using JGroups or another open-source cache-replication technique.

  b. You need to decide the idle time of a session on the basis of business requirements. Once the idle time of a session elapses, the server automatically logs the user out.

Designing the UI layer as well as the backend integrations also requires checking the authenticity, authorization, and integrity of data. Look into the BXP authenticity and authorization user story in the ABC online banking portal (Table 2-16).

Table 2-16. Authenticity and Authorization User Story

Name: Authenticity and Authorization

Trigger: Customer should be authenticated and authorized.

Script: As a customer, one would be logged in using two-factor authentication, so that authorized data for that customer should be accessible. The following items should be masked:
  • mobile device number
  • SSN
  • account number

Acceptance criteria: An authorized and authenticated customer is able to access the BXP application.
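The following Python sketch is an added example, not code from the book or from any BXP product: it puts the two token stores named under Session Management Considerations (in-memory and database-backed, with sqlite3 standing in for the JDBC database) behind one interface, enforces the idle timeout on every lookup so an idle user is logged out automatically, and applies the masking rule from Table 2-16 before customer data reaches the UI layer. The 15-minute timeout, the customer record, and all class and function names are assumptions; cluster replication of the in-memory store (JGroups) is not modeled.

```python
"""Session-token stores with idle-timeout expiry and PII masking (added example)."""
import secrets
import sqlite3
import time

IDLE_TIMEOUT_SECONDS = 15 * 60  # assumed business requirement: 15 minutes idle


class InMemoryTokenStore:
    """Fast but node-local: a cluster needs replication (e.g. JGroups) on top of this."""

    def __init__(self):
        self._tokens = {}

    def save(self, token, user_id, last_seen):
        self._tokens[token] = (user_id, last_seen)

    def load(self, token):  # -> (user_id, last_seen) or None
        return self._tokens.get(token)

    def delete(self, token):
        self._tokens.pop(token, None)


class DatabaseTokenStore:
    """Shared store: every clustered node reads the same token table (JDBC-style)."""

    def __init__(self, path=":memory:"):
        self._db = sqlite3.connect(path)
        self._db.execute(
            "CREATE TABLE IF NOT EXISTS session_token ("
            "token TEXT PRIMARY KEY, user_id TEXT NOT NULL, last_seen REAL NOT NULL)"
        )

    def save(self, token, user_id, last_seen):
        self._db.execute("INSERT OR REPLACE INTO session_token VALUES (?, ?, ?)",
                         (token, user_id, last_seen))
        self._db.commit()

    def load(self, token):
        row = self._db.execute(
            "SELECT user_id, last_seen FROM session_token WHERE token = ?", (token,)
        ).fetchone()
        return tuple(row) if row else None

    def delete(self, token):
        self._db.execute("DELETE FROM session_token WHERE token = ?", (token,))
        self._db.commit()


class SessionManager:
    """Issues opaque tokens and enforces the idle timeout on each request."""

    def __init__(self, store, idle_timeout=IDLE_TIMEOUT_SECONDS, clock=time.time):
        self.store = store
        self.idle_timeout = idle_timeout
        self.clock = clock  # injectable so expiry can be exercised deterministically

    def login(self, user_id):
        token = secrets.token_urlsafe(32)  # unguessable; never derived from user data
        self.store.save(token, user_id, self.clock())
        return token

    def authenticate(self, token):
        """Return the user id of a live session, or None (idle sessions are deleted)."""
        record = self.store.load(token)
        if record is None:
            return None
        user_id, last_seen = record
        if self.clock() - last_seen > self.idle_timeout:
            self.store.delete(token)  # automatic logout after the idle period
            return None
        self.store.save(token, user_id, self.clock())  # sliding idle window
        return user_id

    def logout(self, token):
        self.store.delete(token)


def mask(value, visible=4):
    """Mask every letter/digit except the last `visible` ones; keep separators."""
    seen, out = 0, []
    for ch in reversed(value):
        if ch.isalnum():
            seen += 1
            out.append(ch if seen <= visible else "*")
        else:
            out.append(ch)
    return "".join(reversed(out))


def customer_view(customer):
    """Apply the Table 2-16 masking rule before data reaches the UI layer."""
    return {"name": customer["name"],
            "mobile": mask(customer["mobile"]),
            "ssn": mask(customer["ssn"]),
            "account_number": mask(customer["account_number"])}


def demo():
    """Constructed walk-through: both backends, idle expiry, then masking."""
    now = [1_000_000.0]
    results = {}
    for name, store in (("memory", InMemoryTokenStore()), ("database", DatabaseTokenStore())):
        mgr = SessionManager(store, idle_timeout=900, clock=lambda: now[0])
        token = mgr.login("cust-42")
        now[0] += 600                       # 10 minutes idle: still live
        alive = mgr.authenticate(token)
        now[0] += 1200                      # 20 more minutes: past the idle limit
        expired = mgr.authenticate(token)
        results[name] = (alive, expired)
    results["view"] = customer_view({"name": "Jane Doe", "mobile": "+1 555 123 4567",
                                     "ssn": "123-45-6789",
                                     "account_number": "0011 2233 4455 6677"})
    return results
```

The two stores share the same three-method contract, so the choice between them (the point of item a) is a configuration decision rather than a change to the UI layer; the idle check in `authenticate` is where item b's business rule lives, and `customer_view` is the one place the masked fields from Table 2-16 are produced.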

Building Digital Experience Platforms - Page 76