Session Vulnerabilities

Akanksha Rathod
Aug 17, 2022

Before we look at the vulnerabilities, we should know what a session is.

You might have observed being logged out of a website after you leave it idle for a long time, along with a message stating that "Session has expired".

A session simply means a group of interactions that a user has with a website within a given time frame. A single visit to a website can be considered a session. Because HTTP itself does not remember who sent the previous request, the server ties these interactions together with a session identifier (a session token, usually carried in a cookie) that the browser sends with every request. In technical terms, a session ends when the user logs out or leaves the website, or after a period of user inactivity.

How can a session be vulnerable?


1) Weak session token generation:

The logic used to create the session token is too simple. An attacker who collects a few tokens can learn the pattern and, using the exposed logic behind the session token creation, forge a valid token without ever logging in.

2) Poor handling of sessions:
If a session is not terminated properly (for example, logging out only deletes the cookie in the browser while the token stays valid on the server), or the token is leaked on the network (sent over plain HTTP, placed in a URL, or readable by page scripts), the token can be hijacked and the attacker can easily walk in as that user.

3) Using a meaningful token as a session ID:
Some developers try to put a lot of information in the session ID, such as the username, user ID or email address. The value may be encoded (Base64, for instance) so that it looks long and random; however, once it is decoded, it gives out all of that information about the user, and it can be re-encoded with another user's values to impersonate them.

4) Using predictable tokens:
Session ID tokens often look like random strings, and hence we feel that they are safe. However, if they are derived from a counter, a timestamp or some other sequence, they contain a pattern, and an attacker who has seen a few tokens can easily guess the next one.

Session cookies put the session identifier into the browser's temporary memory and delete it once the browser is closed and the session is finished. The server uses that identifier to track the user's progress and state across the pages of the website. If these sessions are not managed properly, the user's information, such as passwords or other confidential data, can be stolen. This attack is called session hijacking: the attacker brute-forces, guesses or predicts an exposed session token, then impersonates and hijacks a genuine user.
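To make "managing sessions properly" concrete, here is an added example of a minimal server-side session store in Python (not code from the original post): the timeout values, the cookie name `sid` and the in-memory dictionary are assumptions chosen for illustration. It covers the handling mistakes listed under point 2 above: idle and absolute expiry, real server-side termination on logout, rotating the ID after login, and sending the cookie with the attributes that keep it off the wire in plain text and away from page scripts.

```python
import secrets
import time
from dataclasses import dataclass
from typing import Dict, Optional

IDLE_TIMEOUT = 15 * 60       # "Session has expired" after 15 min idle (assumed value)
ABSOLUTE_TIMEOUT = 8 * 3600  # even an active session is cut after 8 h (assumed value)
COOKIE_NAME = "sid"          # assumed cookie name


@dataclass
class Session:
    user: str
    created: float
    last_seen: float


class SessionStore:
    """In-memory store: the token is only a lookup key, all state stays server-side."""

    def __init__(self) -> None:
        self._sessions: Dict[str, Session] = {}

    def create(self, user: str, now: Optional[float] = None) -> str:
        now = time.time() if now is None else now
        sid = secrets.token_urlsafe(32)          # unpredictable, carries no user data
        self._sessions[sid] = Session(user, now, now)
        return sid

    def get(self, sid: str, now: Optional[float] = None) -> Optional[str]:
        """Return the user for a valid token, or None (and drop it) if it has expired."""
        now = time.time() if now is None else now
        s = self._sessions.get(sid)
        if s is None:
            return None
        if now - s.last_seen > IDLE_TIMEOUT or now - s.created > ABSOLUTE_TIMEOUT:
            self.destroy(sid)                    # expired tokens must stop working server-side
            return None
        s.last_seen = now
        return s.user

    def rotate(self, sid: str, now: Optional[float] = None) -> Optional[str]:
        """Issue a fresh ID (e.g. right after login) so a pre-login token becomes useless."""
        now = time.time() if now is None else now
        s = self._sessions.pop(sid, None)
        if s is None:
            return None
        new_sid = secrets.token_urlsafe(32)
        self._sessions[new_sid] = Session(s.user, s.created, now)
        return new_sid

    def destroy(self, sid: str) -> bool:
        """Logout: delete on the server, not just in the browser."""
        return self._sessions.pop(sid, None) is not None


def session_cookie_header(sid: str) -> str:
    # Secure: never sent over plain HTTP.  HttpOnly: not readable by page scripts.
    # SameSite=Lax: not attached to cross-site POSTs.  Max-Age matches the idle timeout.
    return (f"{COOKIE_NAME}={sid}; Path=/; Max-Age={IDLE_TIMEOUT}; "
            "Secure; HttpOnly; SameSite=Lax")


def expire_cookie_header() -> str:
    # Sent on logout so the browser discards its copy as well.
    return f"{COOKIE_NAME}=; Path=/; Max-Age=0; Secure; HttpOnly; SameSite=Lax"


if __name__ == "__main__":
    store = SessionStore()
    sid = store.create("alice", now=0.0)             # constructed sample user
    print("Set-Cookie:", session_cookie_header(sid))
    print("after 1 min:", store.get(sid, now=60.0))
    print("after 16 idle min:", store.get(sid, now=60.0 + IDLE_TIMEOUT + 1))
    print("logout header:", expire_cookie_header())
```

The idle check runs on every request and the expiry deletes the server-side entry, so a token that an attacker captured from an old session cannot be replayed after the real user has been logged out. The `Max-Age` on the cookie is only a convenience for the browser; the server-side timeouts are what actually enforce expiry.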

