Kurinchi Blogger Scribbles …


Jul 27

PHP Security: Preventing Session Fixation

Last updated: August 1st, 2009

Session fixation is an attack in which an intruder chooses a session ID in advance and gets a user to carry that ID to the site, so that everything the user then does on the website runs under a session the intruder already knows.

For example, an intruder may send a link to a site called samplesite.com such as <a href="http://samplesite.com/cart.php?PHPSESSID=Ax23mDud">Sample Site</a>

When the user clicks this link, the session ID Ax23mDud is carried to samplesite.com. This works whenever PHP is configured to accept session IDs from the URL (session.use_trans_sid enabled, or session.use_only_cookies disabled) and the application keeps the same ID after the user authenticates. The intruder waits for the user to log in and begin a transaction, then sends requests to samplesite.com with the same PHPSESSID; the site treats those requests as coming from the user, and the intruder takes over the session and whatever details it holds.
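The following is an added example, not code from the original post. It shows a login handler that is vulnerable to the attack above next to a hardened one, using PHP's own session configuration and session_regenerate_id(). The credential store, user name and password are constructed sample data, and the form field names, redirect targets and the HTTPS assumption are mine, not the page's.

```php
<?php
// Added example for this post; not the original author's code.

// 1. Never accept a session ID from the URL (the attacker's delivery path
//    in the link above) and reject IDs the server never issued itself.
ini_set('session.use_only_cookies', '1');
ini_set('session.use_trans_sid', '0');
ini_set('session.use_strict_mode', '1');   // available from PHP 5.5.2
session_set_cookie_params([                // array form needs PHP >= 7.3
    'httponly' => true,
    'secure'   => true,                    // assumes the site is served over HTTPS
    'samesite' => 'Lax',
]);
session_start();

// Constructed sample credential store: one user with a hashed password.
function sample_users(): array {
    static $users = null;
    if ($users === null) {
        $users = ['alice' => password_hash('correct horse battery', PASSWORD_DEFAULT)];
    }
    return $users;
}

function check_credentials(string $user, string $pass): bool {
    $users = sample_users();
    return isset($users[$user]) && password_verify($pass, $users[$user]);
}

// Vulnerable: keeps whatever session ID the request arrived with.
// If the attacker planted that ID (PHPSESSID=Ax23mDud in the link), the
// attacker now holds a session marked as authenticated for this user.
function login_vulnerable(string $user, string $pass): bool {
    if (!check_credentials($user, $pass)) {
        return false;
    }
    $_SESSION['user'] = $user;
    return true;
}

// Fixed: discard the pre-authentication ID on every privilege change.
// Passing true deletes the old session data on the server, so the ID the
// attacker knows no longer maps to anything.
function login_fixed(string $user, string $pass): bool {
    if (!check_credentials($user, $pass)) {
        return false;
    }
    session_regenerate_id(true);
    $_SESSION['user']      = $user;
    $_SESSION['auth_time'] = time();
    return true;
}

// Logout: wipe the data and the cookie so the ID cannot be reused.
function logout(): void {
    $_SESSION = [];
    if (ini_get('session.use_cookies')) {
        $p = session_get_cookie_params();
        setcookie(session_name(), '', time() - 42000,
                  $p['path'], $p['domain'], $p['secure'], $p['httponly']);
    }
    session_destroy();
}

// Minimal request handling; field names and redirect targets are assumptions.
if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    $ok = login_fixed($_POST['user'] ?? '', $_POST['pass'] ?? '');
    header('Location: ' . ($ok ? '/cart.php' : '/login.php?failed=1'));
    exit;
}
```

Two things to check on a real deployment: that the configured ini values actually take effect (some hosts set them in php.ini and disallow ini_set at runtime, in which case put them in php.ini or .htaccess), and that session_regenerate_id() is called on every change of privilege level, not just at login, since an ID issued before authentication should never survive into an authenticated session.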
