Top "Session-fixation" questions

Session Fixation is a security vulnerability which occurs after authenticating a user, or otherwise establishing a new user session, without invalidating any existing session identifier.

When and why I should use session_regenerate_id()?

Why and when should I use the session_regenerate_id() function in php? Should I always use it after I …

php session session-fixation
what is the use of anti-forgery token salt?

In ASP.NET MVC 1.0, there is a new feature for handling cross site request forgery security problem: <%= Html.AntiForgeryToken() %&…

asp.net-mvc security csrf session-fixation
Generating a new SessionID on Login (ASP.NET)

I'm trying to work a number of security issues on a rather large ASP.NET web application (C#). To prevent …

c# asp.net sessionid session-fixation
Preventing session fixation in java

I have a web application written in java. We don't use sessions in authentication process. An application scan was ran …

java session-fixation
Can you give me an example of a session fixation attack?

I have read about session fixation and from what I understand it forces a user to use an attacker's session. …

security session-fixation