[&] Which method is commonly used for encoding cookies that may be reverse engineered?
- RSA
- Blowfish
- Twofish
- Base64 -- Correct

[&] What is the purpose of having the HTTPOnly flag on session cookies?
- To ensure cookies are encrypted
- To prevent cookies from being accessed via JavaScript -- Correct
- To enhance cookie expiration
- To reduce cookie size

[&] Why is cookie tampering a concern in session management tests?
- It increases the size of cookies
- It can lead to unauthorized access by modifying session data -- Correct
- It speeds up the authentication process
- It allows access to encrypted user passwords

[&] Why should session tokens not be included in URL parameters?
- Tokens are exposed in browser history -- Correct
- It decreases network efficiency
- URLs become too long
- URL parameters are not secure

[&] What is a potential vulnerability when session tokens lack randomness?
- Tokens become harder to read
- Tokens cannot be reused
- Tokens expire too quickly
- Tokens can be predicted by attackers -- Correct

[&] What is the main goal of testing a session management schema in web applications?
- To improve the user interface of login pages
- To enhance the efficiency of session data storage
- To increase the number of user sessions
- To identify vulnerabilities in session handling -- Correct