Sessionfixering
Sessionfixering, or session fixation, is a web security vulnerability in which an attacker causes a user to use a known or predictable session identifier. If the user logs in without the server issuing a fresh session ID, the attacker may be able to use the same session ID to access the authenticated session.
How it works can vary, but the common pattern is that the attacker obtains a valid session
Modern web applications mitigate sessionfixering by ensuring that a new session ID is issued at login and
In practice, many contemporary frameworks and platforms provide built-in protections against sessionfixering, making successful exploitation less
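The mitigation named above, issuing a new session ID at login, shown next to the pattern that keeps the pre-login ID. This is an added example, not code from the original page or from any framework; `SessionStore`, `login_keep_id`, `login_regenerate` and the user name are hypothetical, and the in-memory table stands in for a real server-side session store.

```python
import secrets


class SessionStore:
    """In-memory server-side session table (constructed for illustration)."""

    def __init__(self):
        self._sessions = {}

    def create(self):
        sid = secrets.token_urlsafe(32)  # unpredictable, server-generated ID
        self._sessions[sid] = {"user": None}
        return sid

    def get(self, sid):
        return self._sessions.get(sid)

    def login_keep_id(self, sid, user):
        """Vulnerable pattern: authenticate into the ID the client presented."""
        self._sessions[sid]["user"] = user
        return sid

    def login_regenerate(self, sid, user):
        """Hardened pattern: issue a fresh ID at login and retire the old one."""
        data = self._sessions.pop(sid, {})  # the old ID stops resolving
        new_sid = secrets.token_urlsafe(32)
        self._sessions[new_sid] = {**data, "user": user}
        return new_sid


def pre_login_id_is_authenticated(login_method_name):
    """Return True if an ID known before login maps to a logged-in session."""
    store = SessionStore()
    known_sid = store.create()  # ID that existed before authentication
    login = getattr(store, login_method_name)
    current_sid = login(known_sid, "alice")  # the user authenticates
    assert store.get(current_sid)["user"] == "alice"
    old = store.get(known_sid)
    return old is not None and old["user"] == "alice"


if __name__ == "__main__":
    print("keep ID      :", pre_login_id_is_authenticated("login_keep_id"))
    print("regenerate ID:", pre_login_id_is_authenticated("login_regenerate"))
```

The same check works as a regression test against a real application: record the session cookie before login, authenticate, and assert that the recorded value no longer resolves to an authenticated session.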