•Many
Web based systems use hidden fields that identify a session.
•When
the first request arrives, the system generates a unique session key
and
stores it in a database.
•The
session key can be included in all forms/links generated by the system (as a hidden field or
embedded in a link).