Session Fixation


The application is vulnerable to session fixation attacks. Session fixation occurs when an attacker is able to set or “fix” a user’s session ID before the user authenticates (for example by supplying the ID in a URL parameter or by setting the session cookie from a sibling subdomain) and the application continues to use that same ID once the user has logged in. Because the attacker already knows the ID, they can present it to the application and hijack the authenticated session. This vulnerability is made possible by a session ID which is not regenerated after the user authenticates to the application.
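The following is an added example, not code from the original page or from any particular application, showing a login handler that keeps the pre-login session ID beside one that rotates it, and a simulated fixation attack run against each. The in-memory `SessionStore`, the `USERS` credential table and the `login_*` function names are constructed for the example.

```python
"""Session fixation: a vulnerable login handler beside a hardened one.

Constructed example; no real application or framework is modelled. The
SessionStore dict stands in for server-side session storage.
"""
import secrets

# Constructed credential store for the example; not a real user database.
USERS = {"alice": "correct horse battery staple"}


class SessionStore:
    """Minimal server-side session store keyed by session ID."""

    def __init__(self):
        self._sessions = {}

    def create(self):
        # 256 bits of randomness; the ID is unguessable, which is not the
        # problem here: the attacker does not guess it, they hand it out.
        sid = secrets.token_urlsafe(32)
        self._sessions[sid] = {}
        return sid

    def get(self, sid):
        return self._sessions.get(sid)

    def destroy(self, sid):
        self._sessions.pop(sid, None)


def login_vulnerable(store, sid, username, password):
    """Authenticates the user but keeps whatever session ID the request carried.

    Returns (session_id_to_set_in_browser, authenticated).
    """
    session = store.get(sid)
    if session is None:
        sid = store.create()
        session = store.get(sid)
    if USERS.get(username) != password:
        return sid, False
    # Privilege level changes (anonymous -> authenticated) but the ID does not:
    # anyone who planted `sid` in the victim's browser now holds a logged-in session.
    session["user"] = username
    return sid, True


def login_fixed(store, sid, username, password):
    """Authenticates the user and regenerates the session ID on the privilege change."""
    if USERS.get(username) != password:
        return sid, False
    # Discard the session the browser arrived with, whoever chose its ID,
    # and issue a fresh one that only the victim's browser will receive.
    store.destroy(sid)
    new_sid = store.create()
    store.get(new_sid)["user"] = username
    return new_sid, True


def run_attack(login):
    """Simulate a fixation attack against the given login handler.

    Returns the username the attacker's fixed session resolves to after the
    victim logs in, or None if the attacker's ID no longer maps to a session.
    """
    store = SessionStore()
    # 1. Attacker obtains a valid session ID from the application.
    attacker_sid = store.create()
    # 2. Attacker fixes that ID in the victim's browser; the victim then logs in
    #    and the browser sends the planted ID with the login request.
    victim_sid, ok = login(store, attacker_sid, "alice", USERS["alice"])
    assert ok, "victim login should succeed in both scenarios"
    # 3. Attacker presents the ID they chose and checks whose session it is.
    hijacked = store.get(attacker_sid)
    return hijacked.get("user") if hijacked else None


def session_rotated(login):
    """True if the handler issues a different session ID after authentication."""
    store = SessionStore()
    before = store.create()
    after, ok = login(store, before, "alice", USERS["alice"])
    return ok and after != before


if __name__ == "__main__":
    print("vulnerable handler, attacker's session now belongs to:", run_attack(login_vulnerable))
    print("fixed handler, attacker's session now belongs to:", run_attack(login_fixed))
```

The manual check mirrors `session_rotated`: record the value of the session cookie (or URL token) served to an unauthenticated browser, log in, and compare; if the value is unchanged after authentication the application is vulnerable regardless of how random the ID is. Rotating the ID on login is the fix; invalidating the old ID server-side, as `login_fixed` does with `destroy`, also prevents the attacker's copy from being accepted afterwards.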

Custom Description


Risk Rating


How To Test

Sample Report Screenshots

Time Saving Tips

Testing Gotchas


