00 — Overview
Session Security
Learn how session management fails — predictable session IDs, session fixation, missing cookie flags, and sessions that survive logout.
Intermediate · 40 min · 6 tasks
// By the end of this module
→ Understand session fixation, session hijacking, and cookie theft
→ Analyse session tokens for predictability and weak entropy
→ Exploit missing Secure and HttpOnly cookie flags
→ Perform session fixation to hijack a victim's authenticated session
