Information Discovery: Session Token

Session tokens play a key role in maintaining state in modern web applications. When session tokens are accessible to malicious attackers by way of a vulnerable implementation, they can break into the corresponding login sessions and steal or tamper with sensitive user data.

Session tokens play a key role in maintaining state in modern web applications. Conceptually, a session management system contains a collection of state variables that are stored either client- or server-side, and session tokens (also collectively called session identifiers or session IDs) are used as the "key" to access these state variables. Session tokens can be placed in cookies, query/post parameters, or other HTTP headers and can be comprised of a single token or referenced in aggregate as a collection of multiple tokens.
Session tokens enable a web application to track an authenticated user's activities, correlate requests sent by that user, and provide appropriate services to the user accordingly. When a user successfully authenticates to a web application, the web application usually associates the user's identity with session tokens and accesses user data by referencing these tokens. Thus, weaknesses in deploying session tokens in a web application can be exploited by malicious attackers to hijack user sessions and compromise data confidentiality, integrity, and availability.