Session id and its importance?
A web session is a sequence of HTTP request and response but it is stateless. Modern web applications which are dynamic in nature require the retaining of information or status about each user for the duration of multiple requests.
Therefore, sessions provide the ability to establish variables – such as access rights and localization settings – which will apply to each and every interaction a user has with the web application for the duration of the session.
Web applications can create sessions to keep track of anonymous users after the very first user request. An example would be maintaining the user language preference. Additionally, web applications will make use of sessions once the user has authenticated. This ensures the ability to identify the user on any subsequent requests as well as being able to apply security access controls, authorized access to the user private data, and to increase the usability of the application. Therefore, current web applications can provide session capabilities both pre and post authentication.
The session ID or token binds the user authentication credentials (in the form of a user session) to the user HTTP traffic and the appropriate access controls enforced by the web application.
So now you know the importance of session id ..so let us proceed to the problem.it is another problem from pentestoracademy
It is all about prediction of session id?
problem url:- http://www.pentesteracademy.com/video?id=185
solution video:-
A web session is a sequence of HTTP request and response but it is stateless. Modern web applications which are dynamic in nature require the retaining of information or status about each user for the duration of multiple requests.
Therefore, sessions provide the ability to establish variables – such as access rights and localization settings – which will apply to each and every interaction a user has with the web application for the duration of the session.
Web applications can create sessions to keep track of anonymous users after the very first user request. An example would be maintaining the user language preference. Additionally, web applications will make use of sessions once the user has authenticated. This ensures the ability to identify the user on any subsequent requests as well as being able to apply security access controls, authorized access to the user private data, and to increase the usability of the application. Therefore, current web applications can provide session capabilities both pre and post authentication.
The session ID or token binds the user authentication credentials (in the form of a user session) to the user HTTP traffic and the appropriate access controls enforced by the web application.
So now you know the importance of session id ..so let us proceed to the problem.it is another problem from pentestoracademy
It is all about prediction of session id?
problem url:- http://www.pentesteracademy.com/video?id=185
solution video:-
0 comments:
Post a Comment