Session (Web Session)
A session is a server-side or token-based way to keep a user logged in across requests.
Updated: 2026-03-06
Definition
Web sessions maintain authentication state after login, often using cookies or tokens.
If an attacker steals a session token, they can impersonate the user (session hijacking).
Key points
- The session identifier is stored in a cookie or bearer token that the client sends with every request
- Protect it with HTTPS, secure cookie flags and short lifetimes
- Regenerate the identifier after login or any privilege change
Common mistakes
- Long-lived sessions that are never rotated.
- Missing HttpOnly, Secure or SameSite flags on the session cookie.
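The following Python example is added here to illustrate the key points and common mistakes above; it is not code from the page's source and does not use any real framework's API. It assumes a minimal in-memory server-side store (hypothetical `SessionStore`), a random identifier from the OS CSPRNG, a short lifetime, rotation of the identifier after login or a privilege change, and a Set-Cookie builder that emits the hardened flags beside the weak form listed under "Common mistakes". The TTL and user names are constructed sample values.

```python
import secrets
import time
from dataclasses import dataclass

SESSION_TTL_SECONDS = 15 * 60  # constructed short lifetime; tune per application


@dataclass
class Session:
    user: str
    role: str
    created: float
    expires: float


class SessionStore:
    """Hypothetical in-memory server-side session store (added example)."""

    def __init__(self, ttl=SESSION_TTL_SECONDS, clock=time.time):
        self._sessions = {}
        self._ttl = ttl
        self._clock = clock  # injectable clock so expiry can be exercised deterministically

    def create(self, user, role="user"):
        # 256-bit random id from the OS CSPRNG; never derive it from user data or a counter
        sid = secrets.token_urlsafe(32)
        now = self._clock()
        self._sessions[sid] = Session(user, role, now, now + self._ttl)
        return sid

    def get(self, sid):
        s = self._sessions.get(sid)
        if s is None:
            return None
        if self._clock() >= s.expires:
            # Expired: drop it so a stolen id is only useful for a short window
            del self._sessions[sid]
            return None
        return s

    def rotate(self, sid, role=None):
        """Issue a fresh id and invalidate the old one; call after login or a privilege change."""
        s = self.get(sid)
        if s is None:
            return None
        del self._sessions[sid]  # the pre-login id must stop working
        return self.create(s.user, role or s.role)

    def destroy(self, sid):
        """Logout: remove the session server-side, not just the cookie on the client."""
        self._sessions.pop(sid, None)


def set_cookie_header(sid, max_age=SESSION_TTL_SECONDS, hardened=True):
    """Build a Set-Cookie value; hardened=False reproduces the weak form from 'Common mistakes'."""
    parts = [f"sid={sid}", "Path=/", f"Max-Age={max_age}"]
    if hardened:
        # HttpOnly: not readable from script; Secure: only over HTTPS; SameSite: limits cross-site sends
        parts += ["HttpOnly", "Secure", "SameSite=Lax"]
    return "; ".join(parts)


def parse_cookie_header(cookie_header):
    """Parse a request 'Cookie:' header into a dict of name -> value."""
    out = {}
    for part in cookie_header.split(";"):
        name, sep, value = part.strip().partition("=")
        if sep:
            out[name] = value
    return out


if __name__ == "__main__":
    store = SessionStore()
    anon = store.create("anonymous", role="guest")      # pre-login session
    logged_in = store.rotate(anon, role="user")         # rotate on login
    print("old id still valid:", store.get(anon) is not None)   # False
    print("Set-Cookie:", set_cookie_header(logged_in))
    print("weak Set-Cookie:", set_cookie_header(logged_in, hardened=False))
    print("from request:", parse_cookie_header(f"sid={logged_in}; theme=dark")["sid"] == logged_in)
```

Rotation on login is what defeats session fixation: an identifier the client held before authenticating never becomes an authenticated one. The injectable clock is there only so that expiry can be tested without waiting.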