Session Management | Tryhackme Walkthrough
Learn about session management and the different attacks that can be performed against insecure implementations.
Task 1 — Introduction
In this room, you will learn about Session Management. Think about how you interact with a web application: you do not send your username and password with every request. Instead, after you authenticate, the application issues you a session. The application uses that session to keep your state, track your actions, and decide whether you are allowed to do what you are trying to do. Session management aims to ensure that each of these steps is performed correctly; otherwise, a threat actor may be able to compromise your session and effectively hijack it.
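To make the lifecycle above concrete, here is a minimal server-side session store in Python. This is an added example written for this walkthrough, not code from the TryHackMe room: the `USERS` table, the `PERMISSIONS` map, the 15-minute `SESSION_TTL` and the injectable `clock` are all constructed assumptions. It shows the three steps the paragraph describes: authentication issues a random session identifier, each later request is resolved back to its user through that identifier, and authorisation is decided from the session's role rather than from anything the client sends.

```python
import secrets
import time

SESSION_TTL = 15 * 60  # idle lifetime in seconds (assumed value)

# Constructed user database: username -> (password, role).
# A real application stores salted password hashes, never plaintext.
USERS = {
    "alice": ("correct horse", "admin"),
    "bob": ("hunter2", "user"),
}

# Constructed role -> allowed actions map used for authorisation.
PERMISSIONS = {
    "admin": {"view_profile", "delete_user"},
    "user": {"view_profile"},
}


class SessionStore:
    """Server-side session table: session id -> session record."""

    def __init__(self, clock=time.time):
        self._sessions = {}
        self._clock = clock  # injectable so expiry can be tested deterministically

    def login(self, username, password):
        """Authenticate once; on success return a fresh, unguessable session id."""
        creds = USERS.get(username)
        # compare_digest avoids leaking how many characters matched via timing.
        if creds is None or not secrets.compare_digest(creds[0], password):
            return None
        sid = secrets.token_urlsafe(32)  # 256 bits of randomness, 43 URL-safe chars
        self._sessions[sid] = {
            "user": username,
            "role": creds[1],
            "expires": self._clock() + SESSION_TTL,
        }
        return sid

    def resolve(self, sid):
        """Map a presented session id back to its record, or None if unknown/expired."""
        rec = self._sessions.get(sid)
        if rec is None:
            return None
        if rec["expires"] <= self._clock():
            del self._sessions[sid]  # expired sessions are purged, not reused
            return None
        return rec

    def authorise(self, sid, action):
        """Decide from the server-side record (never from client input) whether an action is allowed."""
        rec = self.resolve(sid)
        if rec is None:
            return False
        return action in PERMISSIONS.get(rec["role"], set())

    def logout(self, sid):
        """Invalidate the session on the server so the id is useless if replayed later."""
        self._sessions.pop(sid, None)


if __name__ == "__main__":
    store = SessionStore()
    sid = store.login("bob", "hunter2")
    print("bob may view profile:", store.authorise(sid, "view_profile"))
    print("bob may delete user:", store.authorise(sid, "delete_user"))
    store.logout(sid)
    print("after logout:", store.authorise(sid, "view_profile"))
```

The two properties worth noticing are that the session id carries no meaning on its own (it is only a lookup key into `_sessions`) and that every decision in `authorise` comes from the server's record; the attacks later in this room all target implementations that break one of those two properties.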
Prerequisites
Learning Objectives
- Understand what Session Management is
- Understand the differences between authentication and authorisation and how they each play a role in session management
- Learn about the two main session management methods
- Learn about the session management lifecycle
- Learn how to practically exploit vulnerable session management implementations