Developing Applications Using Cisco Core Platforms and APIs (DEVCOR) — Question 342

An engineer is developing an application to use across organizations. The application will process sensitive data and access will be allowed from the internet. The application will need to store the session ID of the users. This must be implemented using a secure management mechanism. Which secret storage approach must the engineer take to meet these requirements?

Answer options

• A. browser cache
• B. JavaScript variable
• C. persistent cookie
• D. non-persistent cookie

Correct answer: D

Explanation

The correct answer is D, as non-persistent cookies are stored in memory and are not saved after the browser is closed, making them suitable for handling session IDs securely. In contrast, persistent cookies (C) remain stored on the user's device, which can increase the risk of exposure. Browser cache (A) and JavaScript variables (B) are not secure methods for storing sensitive data like session IDs.