Session Fixation is method by which an intruder creates a session id which gets carried on when a user comes with that path and continues his/her activity on a website.
For e.g. an intruder may create a link to a site called samplesite.com as <a href=”http://samplesite.com/cart.php?PHPSESSID=Ax23mDud” />Sample Site<a>
When a user clicks on this link the session id gets carried on to the site ‘samplesite.com‘. The intruder waits for the user starts to perform a transaction on the site and will take over vital details by intruding user’s activity on samplesite.com.
How to prevent Session Fixation in PHP?
i) Regenerate session id’s at every juncture where necessary (usage of session_regeneration_id() function)
ii) Avoid passing session id’s in GET/POST variables
iii) If you have a blacklisted referrer list, you can possibly compare the referrer before generating the session for each user. You can also check the referrer on the top of the program in the pages where session based activity is carried out
iv) Generate a session id from the server and check if the session id was generted from the server and if it is not empty.
v) Expire a session after a valid interval and never let it go unexpired.