Why should application developers change the session ID names used by common web application development frameworks?

Why should application developers change the session ID names used by common web application development frameworks?

• These session ID names are not published in public documents.
• These session ID names can be used to fingerprint the application framework employed.
• These session ID names are used randomly and make integration of frameworks impossible.
• These session ID names typically contain a short length of numerical numbers and can be easily cracked.

Explanation: The session ID names used by the most common web application development frameworks can be easily fingerprinted. Some examples include PHPSESSID (PHP), JSESSIONID (J2EE), CFID and CFTOKEN (ColdFusion), and ASP.NET_SessionId (ASP .NET). These session ID names may indicate what framework and programming languages the web application uses. Changing the default session ID name of the web development framework to a generic name is recommended.

Exam with this question: 6.13.3 Quiz - Performing Post-Exploitation Techniques Answers