Session Fixation
Variants: Direct Persistent
Vector Type: Attack
Relevance: Generic
Layer: Application-Level
Platforms: Any
Target Type: Web Application
Affected Mechanisms: Session Management
Invented In: 01/12/2002
Added In: 23/12/2014
Quick Introduction to the Topic:
Vector Operation Method:
Attackers can lure other users into accessing the application through pre-crafted links that set a pre-generated session identifier. This eliminates the need to steal the user's session identifier later, or allows the attacker to refer the user to a resource in which the attacker has already included malicious content.
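The following added example (not part of the original entry) models the server-side behaviour that decides whether a pre-set identifier stays valid after login. The `SessionStore` class, its `strict` flag and the sample identifier are hypothetical names constructed for illustration; the hardened path uses the common mitigation of refusing identifiers the server did not issue and issuing a fresh one at login.

```python
import secrets

class SessionStore:
    """Minimal in-memory session store (constructed for this example)."""

    def __init__(self, strict):
        self.strict = strict
        self.sessions = {}  # session id -> {"user": name or None}

    def open(self, presented_sid=None):
        """Return the session id to use for a request that presented presented_sid."""
        if presented_sid in self.sessions:
            return presented_sid
        if presented_sid and not self.strict:
            # Weak: adopt an identifier the server never issued (e.g. set by a link).
            self.sessions[presented_sid] = {"user": None}
            return presented_sid
        sid = secrets.token_urlsafe(32)
        self.sessions[sid] = {"user": None}
        return sid

    def login(self, sid, user):
        """Bind user to the session; return the id the client must use afterwards."""
        if self.strict:
            # Hardened: rotate the identifier when privileges change and drop
            # the pre-login one, so any value known before login is useless.
            data = self.sessions.pop(sid)
            sid = secrets.token_urlsafe(32)
            self.sessions[sid] = data
        self.sessions[sid]["user"] = user
        return sid

    def user_for(self, sid):
        """Return the user bound to sid, or None if unknown or anonymous."""
        return self.sessions.get(sid, {}).get("user")

def fixed_id_is_authenticated(store, fixed_sid="KNOWN-TO-THIRD-PARTY", user="alice"):
    """A user arrives with a pre-set id and logs in; does that id carry the login?"""
    sid = store.open(fixed_sid)
    store.login(sid, user)
    return store.user_for(fixed_sid) == user

if __name__ == "__main__":
    print("weak store:    ", fixed_id_is_authenticated(SessionStore(strict=False)))
    print("hardened store:", fixed_id_is_authenticated(SessionStore(strict=True)))
```

Rotation at login is what covers the case where the pre-set identifier was genuinely issued by the server beforehand; rejecting unknown identifiers alone does not.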