php session fixation

PHP Security: Preventing Session Fixation

Session Fixation is method by which an intruder creates a session id which gets carried on when a user comes with that path and continues his/her activity on a website.

For e.g. an intruder may create a link to a site called samplesite.com as <a href=”http://samplesite.com/cart.php?PHPSESSID=Ax23mDud” />Sample Site<a>

When a user clicks on this link the session id gets carried on to the site ‘samplesite.com‘. The intruder waits for the user starts to perform a transaction on the site and will take over vital details by intruding user’s activity on samplesite.com.
Continue Reading…

Share it onShare on FacebookShare on Google+Tweet about this on TwitterShare on LinkedIn
Kurinchi Calendar
August 2017
M T W T F S S
« Jul    
 123456
78910111213
14151617181920
21222324252627
28293031