Weak session IDs can expose people's profile and payment information and allow us to access a website without authentication.

Which do you think is a strong session ID?

7298537AD4VtmWjb

You're right! Just like a strong password, this session ID is lengthy and random to prevent you from stealing user data.

Look again! This session ID seems strong, but you could guess it with a script.