Annie has just succeeded in stealing a secure cookie via a XSS attack. She is able to replay the cookie even while the session is invalid on the server.
Why do you think this is possible?
A . It works because encryption is performed at the application layer (single encryption key)
B . The scenario is invalid as a secure cookie cannot be replayed
C . It works because encryption is performed at the network layer (layer 1 encryption)
D . Any cookie can be replayed irrespective of the session status
Answer: A