Session in Web Applications:
A. Based on cookies.
B. Stored in Web Server.
C. If the attackers know the session id, they can hijack the session.
D. A and B.
E. A, B, and C.