Session
A period of interaction between a user and a website that lasts from login to logout.
What is Session?
In one sentence: A session is the stretch of time from when you log in to when you log out, during which the site recognizes you.
Imagine you enter a building. The guard gives you a card. As long as you carry the card, you can go anywhere inside. When you leave, you hand the card back. A session works the same way: you log in, the site gives you a session ID, and as long as you have not logged out and the session has not expired, the site recognizes you by that ID.
Session Problems:
Session Fixation: The attacker plants a session ID in your browser before you log in. If the site keeps that same ID after you authenticate instead of issuing a fresh one, the attacker, who already knows the ID, enters your account with it.
Session Hijacking: The attacker steals your session ID (through XSS that reads the cookie, a man-in-the-middle on an unencrypted connection, or a leaked log) and presents it to the site to get into your account.
No Session Timeout: The session never expires. If the attacker steals the ID, it stays usable indefinitely, even long after you have walked away from the computer.
Guessable Session ID: Session IDs follow a pattern (sequential numbers, timestamps, too few random bits), so the attacker can predict or brute-force a valid one without having to steal it.
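The four weaknesses above, and the fix for each, in one small in-memory session store. This is an added example written for this glossary entry, not code from any framework or from the original page; the class name SessionStore, the secure flag, the 15-minute idle timeout and the user "alice" are assumptions chosen for the demo. With secure=False the store reproduces the weak behaviour (sequential IDs, the pre-login ID kept after login, no expiry); with secure=True it regenerates the ID at login, uses 256 random bits, and expires idle sessions.

```python
import itertools
import secrets
import time


class SessionStore:
    """Toy in-memory session store (assumed design, not a real framework).

    secure=False reproduces the weaknesses discussed above:
    sequential IDs, no expiry, and the same ID kept across login.
    """

    def __init__(self, secure=True, idle_timeout=900, now=time.time):
        self.secure = secure
        self.idle_timeout = idle_timeout   # seconds of inactivity before expiry
        self.now = now                     # injectable clock, so tests can fast-forward
        self.sessions = {}                 # session_id -> {"user": ..., "last_seen": ...}
        self._counter = itertools.count(1000)

    def new_id(self):
        if self.secure:
            return secrets.token_urlsafe(32)   # 256 bits from the OS CSPRNG: unguessable
        return str(next(self._counter))         # weak: sequential, trivially guessable

    def create(self):
        """Anonymous (pre-login) session, e.g. for a shopping cart."""
        sid = self.new_id()
        self.sessions[sid] = {"user": None, "last_seen": self.now()}
        return sid

    def login(self, sid, user):
        """Bind a user to the session. Fixation fix: discard the pre-login ID
        and issue a fresh one at the privilege change, so an ID planted by an
        attacker before login no longer refers to the authenticated account."""
        if self.secure:
            self.sessions.pop(sid, None)
            sid = self.new_id()
        self.sessions[sid] = {"user": user, "last_seen": self.now()}
        return sid

    def whoami(self, sid):
        """Resolve a presented session ID to a user, enforcing idle timeout."""
        s = self.sessions.get(sid)
        if s is None:
            return None
        if self.secure and self.now() - s["last_seen"] > self.idle_timeout:
            del self.sessions[sid]   # expired: a stolen ID stops working
            return None
        s["last_seen"] = self.now()
        return s["user"]

    def logout(self, sid):
        self.sessions.pop(sid, None)   # invalidate server-side, not just in the browser


def set_cookie_header(sid, secure=True):
    """Hijacking mitigations on the cookie carrying the ID: HttpOnly keeps
    page script (XSS) from reading it, Secure keeps it off plaintext HTTP
    (MitM), SameSite limits when other sites can cause it to be sent."""
    attrs = "; HttpOnly; Secure; SameSite=Lax" if secure else ""
    return f"Set-Cookie: sid={sid}; Path=/{attrs}"


def fixation_demo(secure):
    store = SessionStore(secure=secure)
    planted = store.create()            # attacker obtains an ID and plants it in the victim's browser
    store.login(planted, "alice")       # victim logs in while holding the planted ID
    return store.whoami(planted)        # what the attacker sees with the ID they planted


def timeout_demo(secure):
    clock = [0.0]
    store = SessionStore(secure=secure, now=lambda: clock[0])
    sid = store.login(store.create(), "alice")
    clock[0] += 3600                    # one hour of inactivity
    return store.whoami(sid)            # still "alice" without a timeout, None with one


def guess_demo(secure):
    """Attacker creates their own session and probes nearby ID values."""
    store = SessionStore(secure=secure)
    store.login(store.create(), "alice")   # victim's session exists already
    own = store.create()                   # attacker's own, legitimately issued ID
    hits = []
    if own.isdigit():                      # only a numeric/sequential scheme is probeable this way
        base = int(own)
        for cand in range(base - 50, base + 50):
            if store.whoami(str(cand)) == "alice":
                hits.append(str(cand))
    return hits


if __name__ == "__main__":
    for secure in (False, True):
        print("secure" if secure else "weak  ",
              "fixation:", fixation_demo(secure),
              "| after 1h idle:", timeout_demo(secure),
              "| guessed IDs:", guess_demo(secure))
    print(set_cookie_header("<id>"))
```

In weak mode the attacker's planted ID resolves to alice after her login, the session is still live an hour later, and the victim's ID is found by probing a window of 100 values around the attacker's own. In secure mode all three attacks return nothing. Note that regenerating the ID at login and the idle timeout are server-side controls; the cookie attributes only reduce how easily the ID is stolen in transit or by script, and none of this helps if the ID is later written to a log or URL.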
Why is it important for security?
Because a session is the user's access to the account. If the session ID leaks, the attacker gets in without ever knowing the password: the login form, and anything it checks, is simply bypassed.