1
00:00:00,120 --> 00:00:08,490
Now, as we mentioned before, HTTP is a stateless protocol. That means two requests sent from the same

2
00:00:08,490 --> 00:00:16,200
client have absolutely no relation. But today the websites are mostly interactive and stateful.

3
00:00:17,140 --> 00:00:24,100
State information, that is, the information that is required for the user to be recognized during an HTTP request, is of vital

4
00:00:24,100 --> 00:00:31,660
importance. Because the HTTP protocol does not contain such information by its design, software engineers

5
00:00:31,660 --> 00:00:35,200
have developed their own methods to provide session management.

6
00:00:35,380 --> 00:00:41,980
The most important and most widely used of these methods is that unique session information generated

7
00:00:41,980 --> 00:00:48,130
by the server is sent to each client individually, and the clients introduce themselves to the web

8
00:00:48,130 --> 00:00:56,110
server, and hence the web application, using this unique information in following HTTP requests. While

9
00:00:56,110 --> 00:00:59,710
session management had to be implemented by developers in the past,

10
00:01:00,310 --> 00:01:04,990
most of the tasks are now handled by application servers.

11
00:01:05,930 --> 00:01:12,260
And so the developers have been saved from such an important and difficult responsibility. But don't

12
00:01:12,260 --> 00:01:12,860
give up hope.

13
00:01:13,580 --> 00:01:19,670
Developers still have to manage some important tasks of session management, such as starting and ending

14
00:01:19,670 --> 00:01:20,180
the session.

15
00:01:20,930 --> 00:01:25,700
Mistakes done in session management allow us to perform some attacks.

16
00:01:26,570 --> 00:01:29,630
We will see the most important of these attacks in this section.

17
00:01:29,780 --> 00:01:36,830
There are a few methods to manage sessions, such as URL rewriting, hidden form fields, special HTTP

18
00:01:36,830 --> 00:01:38,660
headers or SSL keys.

19
00:01:39,080 --> 00:01:45,110
But the most popular session management method is the use of cookies. When the client sends a request

20
00:01:45,110 --> 00:01:46,070
to the application,

21
00:01:46,400 --> 00:01:52,160
if the client does not have a valid session token at this time, the server returns the session token

22
00:01:52,160 --> 00:01:53,930
in a Set-Cookie header.

23
00:01:54,910 --> 00:02:01,690
After this time, a client sends its requests with this session token in the cookie, and the server identifies

24
00:02:01,690 --> 00:02:03,400
the client with this information.

25
00:02:03,970 --> 00:02:11,350
Now, as we said before, the use of cookies is the most popular session management method, and cookies

26
00:02:11,350 --> 00:02:13,420
contain session tokens.

27
00:02:13,720 --> 00:02:18,730
Session tokens contain session IDs and some other information.

28
00:02:19,510 --> 00:02:24,940
Session IDs are the unique identifiers that are used to identify the users.

29
00:02:25,810 --> 00:02:31,510
One of the attacks against session management is that the session information generated on the server

30
00:02:31,510 --> 00:02:33,190
side is predictable.

31
00:02:33,370 --> 00:02:35,980
This is usually caused by the following situations.

32
00:02:36,070 --> 00:02:41,620
First, using sequential session IDs. It's not seen that much today.

33
00:02:42,310 --> 00:02:45,760
Second, using weak random number generators.

34
00:02:46,240 --> 00:02:50,260
There are some weak random number generators that just shouldn't be used anymore.

35
00:02:50,530 --> 00:02:53,870
These methods are not intended to generate unique numbers.

36
00:02:54,700 --> 00:02:57,970
And third, using short session IDs.

37
00:02:58,210 --> 00:03:03,460
If this session ID is not long enough, it might be the subject of a brute force attack.