php session fixation

PHP Security: Preventing Session Fixation

Session Fixation is a method by which an intruder creates a session ID in advance; that ID is carried along when a user arrives through the intruder's link and continues his or her activity on a website.

For example, an intruder may create a link to a site called samplesite.com as <a href="http://samplesite.com/cart.php?PHPSESSID=Ax23mDud">Sample Site</a>

When a user clicks on this link, the session ID is carried over to the site 'samplesite.com'. The intruder waits for the user to start performing a transaction on the site and then takes over vital details by intruding on the user's activity on samplesite.com.
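One common way to close this hole, shown as an added example that is not code from the original post: ignore session IDs passed in the URL, reject IDs the server never issued, and issue a fresh ID at login. The function handle_login(), the $users array and its sample account are hypothetical, and the secure-cookie setting assumes the site is served over HTTPS.

```php
<?php
// Added example (not from the original post). Must run before any output is sent.

// Take the session ID from the cookie only, so ?PHPSESSID=... in a link is ignored.
ini_set('session.use_only_cookies', '1');
ini_set('session.use_trans_sid', '0');
// Refuse IDs the server did not generate itself (e.g. one planted in a cookie).
ini_set('session.use_strict_mode', '1');
// Keep the cookie away from scripts and plain HTTP (assumption: HTTPS site).
ini_set('session.cookie_httponly', '1');
ini_set('session.cookie_secure', '1');

session_start();

// Constructed sample account store; a real site would query its user database.
$users = ['alice' => password_hash('constructed-sample-password', PASSWORD_DEFAULT)];

/**
 * Hypothetical login handler: verifies the password and, on success,
 * swaps the session ID so any ID known before login becomes useless.
 */
function handle_login(array $users, string $name, string $password): bool
{
    if (!isset($users[$name]) || !password_verify($password, $users[$name])) {
        return false;
    }
    // New ID at the privilege change; true deletes the old session data.
    session_regenerate_id(true);
    $_SESSION['user'] = $name;
    $_SESSION['logged_in_at'] = time();
    return true;
}

if ($_SERVER['REQUEST_METHOD'] ?? '' === 'POST') {
    $ok = handle_login($users, $_POST['name'] ?? '', $_POST['password'] ?? '');
    http_response_code($ok ? 200 : 401);
}
```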