Abstract: Session management in disseminated Internet services is customarily in light of username and password, explicit logouts and components of user session termination utilizing fantastic timeouts. Developing biometric solution permit substituting username and password with biometric information during session establishment, however in such a methodology still a single verification is considered sufficient, and the identity of a user is viewed as unchanging during the whole session. Also, the length of the session timeout may effect on the conveince of the service and subsequent user fulfilment. This paper proposing an alternate method by applying authentication via multi-level user verification by applying biometrics an application in the service of sessions.

Keywords: Authentication, Security, Mobile environments, web servers.