A session is the mechanism that authenticates the ongoing communication between the user and the server. To understand this concept better, see the scenario shown in Fig.1.
Here it is shown how the server grants a session id/token to the user when they log in. Every time the user requests a new page from the server, the request has to carry that session id/token. The server validates the presented session id/token and responds to the user. From this it can be understood that every login page has a session. But the important question is whether it is secure. Sessions can be implemented in one of several ways: session cookies, header parameters, HTTP body parameters, authentication tokens, etc.
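The Fig.1 flow as an added example (not code from the original article): a server-side session store that issues a random session id at login, validates it on every request, and expires or revokes it. The `sid` cookie name, the `Bearer` header form and the 15-minute idle timeout are assumptions chosen for illustration.

```python
import secrets
import time

SESSION_TTL_SECONDS = 15 * 60  # assumed idle timeout for this example


class SessionServer:
    """Minimal server-side session store modelling the Fig.1 exchange."""

    def __init__(self, clock=time.time):
        self._sessions = {}  # token -> {"user": str, "expires": float}
        self._clock = clock  # injectable so expiry can be tested deterministically

    def login(self, username):
        # 256-bit token from the OS CSPRNG; never derived from user data or time
        token = secrets.token_urlsafe(32)
        self._sessions[token] = {"user": username,
                                 "expires": self._clock() + SESSION_TTL_SECONDS}
        return token

    def validate(self, token):
        """Return the user bound to token, or None if unknown or expired."""
        entry = self._sessions.get(token)
        if entry is None:
            return None
        if self._clock() > entry["expires"]:
            del self._sessions[token]  # expired: remove so it cannot be reused
            return None
        entry["expires"] = self._clock() + SESSION_TTL_SECONDS  # sliding idle timeout
        return entry["user"]

    def logout(self, token):
        self._sessions.pop(token, None)  # server-side revocation, not just cookie deletion


def token_from_request(headers):
    """Accept the session id as a bearer header or as the assumed 'sid' cookie."""
    auth = headers.get("Authorization", "")
    if auth.startswith("Bearer "):
        return auth[len("Bearer "):]
    for part in headers.get("Cookie", "").split(";"):
        name, _, value = part.strip().partition("=")
        if name == "sid":
            return value
    return None


def handle_request(server, headers):
    """Fig.1 step: the server checks the presented session id before serving the page."""
    token = token_from_request(headers)
    user = server.validate(token) if token else None
    if user is None:
        return 401, "login required"
    return 200, "page for " + user
```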
Possible vulnerabilities found in sessions
To mitigate the above-mentioned vulnerabilities, the following steps have to be followed: