Choose the best description of why secure session management is important in web applications.
Think about what risks arise if sessions are not managed securely.
Secure session management protects user data by ensuring sessions cannot be hijacked or tampered with, preventing unauthorized access.
Select the cookie attribute that restricts cookies to being sent only over secure HTTPS connections.
This attribute stops cookies from being sent over unencrypted connections.
The Secure attribute ensures cookies are only sent over HTTPS, protecting them from interception on insecure networks.
Which practice below best prevents session fixation attacks?
Think about what happens to the session ID when a user logs in.
Regenerating the session ID after login prevents attackers from forcing a known session ID on a user, stopping session fixation.
Which session storage method offers better security against client-side attacks?
Consider where sensitive session data should be kept to avoid exposure.
Keeping session data on the server and only sending a session ID in a cookie reduces the risk of client-side tampering or theft.
Choose the best explanation for why session timeout is a critical security feature.
Think about what happens if a session stays active without user activity.
Session timeout limits how long a session remains valid without activity, reducing the risk if a session ID is stolen or left unattended.