Why do you think this is possible?

Annie has just succeeded in stealing a secure cookie via a XSS attack. She is able to replay the cookie even while the session is invalid on the server.

Why do you think this is possible?
A . It works because encryption is performed at the application layer (single encryption key)
B . The scenario is invalid as a secure cookie cannot be replayed
C . It works because encryption is performed at the network layer (layer 1 encryption)
D . Any cookie can be replayed irrespective of the session status

View Answer

Answer: A