session-fixation Questions
1
Solved
I am trying to get a new value for the Session Cookie for every new login. Basically, the value in the screenshot below should have a new random string every time a user logs in. This is to avoid S...
Contrastive asked 27/5, 2022 at 4:23
1
Can anyone give a clear difference between session fixation, session replay and session hijacking attacks? I have read many articles, but the matter is still unclear between session hijacking and s...
Calvinism asked 3/5, 2017 at 6:42
2
I'm trying to work a number of security issues on a rather large ASP.NET web application (C#). To prevent session fixation attacks I'd like to generate a new session id every time a user authentica...
Celtic asked 9/7, 2013 at 12:50
7
Solved
Why and when should I use the session_regenerate_id() function in php?
Should I always use it after I use the session_start()?
I've read that I have to use it to prevent session fixation, is this t...
Silverweed asked 9/4, 2014 at 14:4
1
Solved
Most of the session fixation topics in ruby are mostly related to rails. Are there any session fixation vulnerabilities in sinatra? In rails we are mostly recommended to do reset_session before ass...
Dd asked 5/7, 2012 at 3:48
2
Solved
In ASP.NET MVC 1.0, there is a new feature for handling cross site request forgery security problem:
<%= Html.AntiForgeryToken() %>
[ValidateAntiForgeryToken]
public ViewResult SubmitUpdate...
Seda asked 10/9, 2009 at 0:4
1
Solved
I have read about session fixation and from what I understand it forces a user to use an attacker's session. Is this correct? Can you give me an example of how this could offend the user?
Caucasus asked 13/7, 2009 at 21:10
1
© 2022 - 2024 — McMap. All rights reserved.