¨Most Web application generate a session ID to track the user’s session.
¨Session ID is passed back and forth across the HTTP or HTTPS connection when client browses web pages, enters data into forms, or conducting transactions
¨Session ID allows the Web application to maintain the state of a session with a user
¨Session ID is independent of the SSL connection
¨Session ID is Application-level data