Session fixation attacks occur when an attacker can force a legitimate user to use a session ID that the attacker knows. To avoid fixation attacks, it is good practice to generate a new session each time a user authenticates and to delete or invalidate the existing session (the one possibly known to the attacker).
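
The rotation described above, as an added example that is not part of the original page: a minimal in-memory session store in Python, with a login that keeps the presented session ID beside one that issues a new ID and invalidates the old one. `SessionStore`, the function names and the `cart` key are assumptions made for illustration.

```python
import secrets


class SessionStore:
    """In-memory server-side session store (constructed for this example)."""

    def __init__(self):
        self._sessions = {}

    def create(self, data=None):
        sid = secrets.token_urlsafe(32)  # unpredictable, server-generated ID
        self._sessions[sid] = dict(data or {})
        return sid

    def get(self, sid):
        return self._sessions.get(sid)

    def invalidate(self, sid):
        self._sessions.pop(sid, None)


def login_vulnerable(store, presented_sid, user):
    """Keeps whatever session ID the browser presented: fixation is possible."""
    session = store.get(presented_sid)
    if session is None:
        presented_sid = store.create()
        session = store.get(presented_sid)
    session["user"] = user
    return presented_sid


def login_hardened(store, presented_sid, user):
    """Issues a fresh ID on authentication and invalidates the old one."""
    old = store.get(presented_sid) or {}
    # Carry over only non-sensitive pre-login state (hypothetical "cart" key).
    carried = {k: v for k, v in old.items() if k in {"cart"}}
    store.invalidate(presented_sid)
    new_sid = store.create(carried)
    store.get(new_sid)["user"] = user
    return new_sid


def fixed_id_is_authenticated(login):
    """Return True if an ID known before login ends up tied to the user."""
    store = SessionStore()
    known_sid = store.create({"cart": ["book"]})  # ID known to a third party
    login(store, known_sid, "alice")
    session = store.get(known_sid)
    return bool(session and session.get("user") == "alice")
```

`fixed_id_is_authenticated` is the regression check to keep: it fails for any login path that leaves the pre-authentication ID valid after the user signs in.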