Session fixation

GPTKB entity

Statements (19)
Predicate Object
gptkbp:instanceOf Web security vulnerability
gptkbp:affects Web applications
gptkbp:cause Session hijacking
gptkbp:documentedIn gptkb:OWASP_Top_Ten
gptkbp:exploits Attackers
gptkbp:exploits Predictable session IDs
gptkbp:exploits Session IDs in hidden form fields
gptkbp:exploits URL-based session IDs
gptkbp:exploits Weak session management
gptkbp:firstDescribed 2001
https://www.w3.org/2000/01/rdf-schema#label Session fixation
gptkbp:involves Fixing a user's session ID before authentication
gptkbp:mitigatedBy Regenerating session ID after login
gptkbp:mitigatedBy Setting HttpOnly and Secure flags
gptkbp:mitigatedBy Using secure cookies
gptkbp:relatedTo Session management
gptkbp:bfsParent gptkb:Spring_Security
gptkbp:bfsParent gptkb:Identification_and_Authentication_Failures
gptkbp:bfsLayer 6