Session fixation

URI: https://gptkb.org/entity/Session_fixation

GPTKB entity

Predicate	Object
gptkbp:instanceOf	Web security vulnerability
gptkbp:affects	Web applications
gptkbp:cause	Session hijacking
gptkbp:documentedIn	gptkb:OWASP_Top_Ten
gptkbp:exploits	Attackers Predictable session IDs Session IDs in hidden form fields URL-based session IDs Weak session management
gptkbp:firstDescribed	2001
https://www.w3.org/2000/01/rdf-schema#label	Session fixation
gptkbp:involves	Fixing a user's session ID before authentication
gptkbp:mitigatedBy	Regenerating session ID after login Setting HttpOnly and Secure flags Using secure cookies
gptkbp:relatedTo	Session management
gptkbp:bfsParent	gptkb:Spring_Security gptkb:Identification_and_Authentication_Failures
gptkbp:bfsLayer	6