Detecting and Handling Replay Attacks

In Chapter 4, you learned a little about replay attacks. In a replay attack, a hacker intercepts and stores messages flowing over the network and then sends them at some time in the future. At best this can become a nuisance if, for example, a hacker repeatedly replays the same intercepted purchase order sent by a genuine customer to an online bookstore; the bookstore receives hundreds of orders and sends the books to the customer who has not ordered them. At worst, it can lead to large-scale fraud; consider an attacker intercepting a request to credit his bank account and then repeatedly replaying this message to the bank’s servers.

Using reliable sessions can help to mitigate simple replay attacks, as each ...
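The purchase-order scenario above can be caught on the receiving side by remembering message identifiers for a bounded time window. The following C# sketch is an added example, not code from the book or from WCF itself; `ReplayDetector`, `Verdict` and the sample order id are hypothetical, and it assumes each message carries a unique id and a creation timestamp that are both covered by the message signature.

```csharp
using System;
using System.Collections.Generic;
// Added illustration, not WCF's own replay cache; all type names are hypothetical.
public enum Verdict { Accepted, Replayed, OutsideWindow }

public sealed class ReplayDetector
{
    private readonly TimeSpan _window;   // how long a message stays acceptable
    private readonly TimeSpan _skew;     // tolerated sender/receiver clock drift
    private readonly Dictionary<string, DateTime> _seen = new Dictionary<string, DateTime>();
    private readonly object _lock = new object();
    public ReplayDetector(TimeSpan window, TimeSpan maxClockSkew)
    {
        _window = window;
        _skew = maxClockSkew;
    }
    // messageId and createdUtc are assumed to be covered by the message signature;
    // otherwise an attacker could rewrite them before replaying.
    public Verdict Check(string messageId, DateTime createdUtc, DateTime nowUtc)
    {
        // Stale or future-dated messages are refused without consulting the cache.
        if (createdUtc > nowUtc + _skew || createdUtc + _window + _skew < nowUtc)
            return Verdict.OutsideWindow;
        lock (_lock)
        {
            // Evict ids that the time check above would now refuse anyway.
            var expired = new List<string>();
            foreach (var entry in _seen)
                if (entry.Value + _window + _skew < nowUtc) expired.Add(entry.Key);
            foreach (var id in expired) _seen.Remove(id);
            if (_seen.ContainsKey(messageId)) return Verdict.Replayed;
            _seen[messageId] = createdUtc;
            return Verdict.Accepted;
        }
    }
}

public static class Demo
{
    public static void Main()
    {
        var detector = new ReplayDetector(TimeSpan.FromMinutes(5), TimeSpan.FromMinutes(1));
        var sent = new DateTime(2024, 1, 1, 12, 0, 0, DateTimeKind.Utc); // constructed sample
        const string orderId = "urn:uuid:constructed-order-0001";        // constructed sample
        Console.WriteLine(detector.Check(orderId, sent, sent.AddSeconds(2)));  // first delivery
        Console.WriteLine(detector.Check(orderId, sent, sent.AddSeconds(30))); // replay in window
        Console.WriteLine(detector.Check(orderId, sent, sent.AddMinutes(30))); // replay after window
    }
}
```

Because an id is evicted only once its timestamp has aged past the window plus the clock skew, there is no interval in which a captured message is both forgotten by the cache and still accepted by the time check.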
