To delete a user's session ID

To steal a user's session ID

To set a user's session ID to a known value

To encrypt a user's session ID

By generating new session IDs for each login

By accepting session IDs only from cookies

By accepting any session ID specified by the user

By using encrypted session IDs

Sends a phishing email with a fixated session ID link

Hacks into the bank's server

Steals the victim's password

Uses a brute force attack

Attackers can still use their own server-generated IDs

They are always encrypted

They require user consent

They are too complex to implement

A cookie that is encrypted

A cookie that cannot be accessed by sub-domains

A cookie set by a sub-domain on the main domain

A cookie set by the main domain

By using cookies only from the main domain

By setting a cookie on a trusted site through an untrusted sub-domain

By deleting all cookies from the browser

By encrypting the cookies

Allowing third-party sub-domains to set cookies

Using encrypted session IDs

Generating new session IDs for each login

Accepting session IDs only from query strings