[&] Why is HTTP considered stateless, requiring session management?
- It is inherently slow in processing requests
- It always requires username and password for each request
- It cannot maintain continuous user authentication -- Correct
- It does not support encryption of data

[&] In the concert analogy, what does the wristband symbolize in terms of session management?
- The session timeout or expiration
- The continuous access verification throughout the concert -- Correct
- The initial ticket purchase
- The authentication process at entry

[&] Which of the following best describes the relationship between authentication and session management?
- Authentication verifies user identity, session management maintains it -- Correct
- Session management allows authentication to occur automatically
- Authentication and session management both manage login credentials
- Authentication manages user preferences, session management provides access

[&] Why might a web application assign a session ID to an anonymous user?
- To temporarily store user preferences and improve usability -- Correct
- To prevent unauthorized access to the application
- To ensure all application data is encrypted
- To enforce strict user authentication protocols

[&] What security measures are involved in session management to safeguard against session hijacking?
- Employing secure cookies and HTTPS -- Correct
- Logging user activity consistently
- Implementing multi-factor authentication
- Using VPNs for all connections

[&] What is the primary purpose of session management in web applications?
- To maintain the user's authenticated state across multiple requests -- Correct
- To manage user credentials securely
- To control user access to specific resources
- To encrypt all user communications