Whenever we log into a website, the server and browser exchange a so-called session ID to identify the visit.

What kind of session ID might webmasters use to prevent hacking?

RandomLengthyUniqueEasy to guess

Yes! If a session ID is lengthy, unique, and difficult to guess, we'll have a hard time trying to hijack it.

Oh no! If a session ID is easily guessed, you can hijack it and access another user's visit.