How does a web application install session IDs on a browser?

Prepare for the eLearnSecurity Junior Penetration Tester exam with our comprehensive quiz platform. Improve your skills with multiple-choice questions, detailed explanations, and exam tips. Get exam ready with ease!

Multiple Choice

How does a web application install session IDs on a browser?

Explanation:
The browser gets a session ID through cookies. When the server authenticates you, it creates a session on the server and sends the ID in an HTTP Set-Cookie header. The browser stores that as a cookie (usually a session cookie with no expiration) and automatically includes it in subsequent requests to the same site via the Cookie header. This lets the server map each request to your active session and retrieve your state.

Embedding the ID in page content is insecure and brittle, since the ID would appear in the HTML and depend on manual extraction. Using a URL parameter would expose the ID in links, history, and logs, making it easy to leak. TLS session resumption is a transport-layer optimization, not a method for maintaining application state with a browser.
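The Set-Cookie / Cookie round trip described above, as an added Python example that is not part of the original quiz page. The cookie name `sid`, the in-memory store and the function names are assumptions for illustration, and the `HttpOnly`, `Secure` and `SameSite` attributes are hardening choices added here rather than something the explanation specifies.

```python
import secrets
from http.cookies import SimpleCookie

SESSIONS = {}        # server-side store: session ID -> state (in-memory, illustrative)
COOKIE_NAME = "sid"  # assumed cookie name


def issue_session(username):
    """Server, after authentication: create state and build the Set-Cookie value."""
    sid = secrets.token_urlsafe(32)      # unpredictable, URL/cookie-safe ID
    SESSIONS[sid] = {"user": username}   # state stays on the server
    cookie = SimpleCookie()
    cookie[COOKIE_NAME] = sid
    cookie[COOKIE_NAME]["path"] = "/"
    cookie[COOKIE_NAME]["httponly"] = True   # not readable from page scripts
    cookie[COOKIE_NAME]["secure"] = True     # only sent over HTTPS
    cookie[COOKIE_NAME]["samesite"] = "Lax"  # limits cross-site sending
    # No Expires/Max-Age attribute, so the browser treats it as a session cookie.
    return cookie[COOKIE_NAME].OutputString()


def browser_cookie_header(set_cookie_value):
    """Browser: keep only name=value and replay it in the Cookie request header."""
    jar = SimpleCookie()
    jar.load(set_cookie_value)
    return "; ".join(f"{name}={morsel.value}" for name, morsel in jar.items())


def resolve_session(cookie_header):
    """Server, on later requests: map the presented ID back to stored state."""
    jar = SimpleCookie()
    jar.load(cookie_header or "")
    morsel = jar.get(COOKIE_NAME)
    if morsel is None:
        return None
    return SESSIONS.get(morsel.value)    # unknown or forged IDs resolve to None


if __name__ == "__main__":
    set_cookie = issue_session("alice")
    print("Set-Cookie:", set_cookie)
    cookie_header = browser_cookie_header(set_cookie)
    print("Cookie:", cookie_header)
    print("Resolved state:", resolve_session(cookie_header))
    print("Forged ID:", resolve_session("sid=not-a-real-session"))
```

Only the `name=value` pair travels back in the `Cookie` header; the attributes set by the server govern how the browser stores and sends it.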
