When a user signs onto an account with a network site using a browser, a session is created. Typically, the user provides a username and a password to the network site, though other security credentials may be provided. Upon verification of the provided security credentials and creation of the session, one or more authentication tokens may be provided to the web browser to maintain the session state. Upon subsequent requests from the network site, the browser is configured to provide the authentication tokens via a cookie, form variables, or another approach. The authentication tokens may be valid until the user explicitly ends the session by logging out or until the expiration of a predefined period of time (e.g., 30 minutes, an hour, a day, or another time period).
In contrast to browser-based sessions, mobile applications and other dedicated applications may employ a registration approach. With a registration approach, after a user provides the username and password or other credentials, the application becomes registered with a network service. As with browser sessions, an authentication token may be created and supplied to the application by the network service. The application then is configured to automatically provide the authentication token in service calls to that service. Though the user may choose to explicitly deregister the application, registration otherwise may persist indefinitely.