Which of the following are true statements regarding session IDs? Select three.
A. They are typically hashed using a secure hashing algorithm.
B. They can be used for a specific type of replay attack.
C. They are appended to a client's IP addresses to uniquely identify a session.
D. They are typically encrypted with an asymmetrical encryption algorithm.
E. They can be intercepted and used to impersonate a user.