
My question may be easy or weird; in fact, I can't judge. So please excuse me if the question is a bit strange. In the session token method, when a user authenticates, the server saves the user information in a session on the server and sends the session ID to the client, where it is saved in a browser cookie.

Now, isn't it possible that another user (a bad user) can somehow access this file and know the session ID? And if it is possible, and the bad user goes to the same URL, sets the session ID in the cookie header and sends this session ID with the request, does this make the bad user succeed in hacking the URL?

I hope I was able to clarify the question, thank you :)

Elsayed Elbeshry
  • Yes, if an attacker has outright access to the cookie storage on the user's machine, then it's game over in more ways than one. – deceze Aug 03 '21 at 11:35
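
The session mechanism described in the question, as an added example that is not part of the original post: a server-side session table that authenticates purely by the ID in the `Cookie` header, with expiry and server-side logout as the controls that end a session. `SessionStore`, the cookie name `sid` and `SESSION_TTL` are hypothetical names and values chosen for the example.

```python
import secrets
import time
from http.cookies import SimpleCookie

SESSION_TTL = 1800  # seconds; constructed value for this example


class SessionStore:
    """Hypothetical in-memory server-side session table."""

    def __init__(self):
        self._sessions = {}  # session ID -> {"user", "expires"}

    def login(self, user, now=None):
        """Create a session; return the Set-Cookie header value."""
        now = time.time() if now is None else now
        sid = secrets.token_urlsafe(32)  # 256 random bits, unguessable
        self._sessions[sid] = {"user": user, "expires": now + SESSION_TTL}
        cookie = SimpleCookie()
        cookie["sid"] = sid
        cookie["sid"]["path"] = "/"
        cookie["sid"]["httponly"] = True  # page scripts cannot read it
        cookie["sid"]["secure"] = True    # never sent over plain HTTP
        cookie["sid"]["samesite"] = "Lax"
        return cookie["sid"].OutputString()

    def authenticate(self, cookie_header, now=None):
        """Return the user for a request's Cookie header, or None.
        Only the session ID is checked, so any client that presents
        a valid ID is treated as the user who logged in."""
        now = time.time() if now is None else now
        morsel = SimpleCookie(cookie_header or "").get("sid")
        record = self._sessions.get(morsel.value) if morsel is not None else None
        if record is None:
            return None
        if record["expires"] <= now:
            del self._sessions[morsel.value]  # expired: drop it
            return None
        return record["user"]

    def logout(self, cookie_header):
        """Delete the session server-side; the ID is useless afterwards."""
        morsel = SimpleCookie(cookie_header or "").get("sid")
        if morsel is not None:
            self._sessions.pop(morsel.value, None)
```

The cookie attributes limit exposure to page scripts and plain-HTTP transport; they do not protect a cookie store that is read directly on the user's machine, which is the case the comment above describes.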
