Table of Contents
1. Abstract
2. Introduction
3. Session fixation
4. Attack process
STEP 1: Session setup
STEP 2: Session fixation
Session ID in a URL argument
Session ID in a hidden form field
Session ID in a cookie
STEP 3: Session entrance
5. Countermeasures
5.1. Preventing logins to a chosen session
5.2. Preventing the attacker from obtaining a valid session ID
5.3. Restricting the session ID usage
6. Conclusion
7. Session fixation vs. session hijacking
8. Acknowledgments
9. References
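The outline above lists the three steps of the attack (session setup, session fixation, session entrance) and the countermeasure of not letting a user log in to a session the attacker already knows (section 5.1). The following is an added example, not code from the paper: a toy server-side session table in which the attacker obtains a valid ID, plants it in the victim's browser, and then enters the victim's authenticated session. The host name `bank.example`, the user `alice` and her password are constructed placeholders, and `fixation_vectors` only shows the three carriers the outline names (URL argument, hidden form field, cookie); it does not model a browser.

```python
import secrets
from typing import Dict, Optional

# Constructed demo credentials for this example (not from the paper).
USERS = {"alice": "correct horse battery staple"}


class SessionStore:
    """Toy server-side session table keyed by session ID."""

    def __init__(self, regenerate_on_login):
        self.sessions = {}  # session ID -> session data
        self.regenerate_on_login = regenerate_on_login

    def new_session(self):
        # Strict session management: the server only honours IDs it issued,
        # so the attacker must first obtain one (STEP 1) instead of inventing it.
        sid = secrets.token_hex(16)
        self.sessions[sid] = {"user": None}
        return sid

    def login(self, sid, username, password):
        """Authenticate and return the session ID the client must use from now on."""
        if sid not in self.sessions or USERS.get(username) != password:
            raise PermissionError("unknown session ID or bad credentials")
        if self.regenerate_on_login:
            # Countermeasure 5.1: discard the pre-login ID and issue a fresh one,
            # so an ID planted by the attacker never becomes an authenticated session.
            del self.sessions[sid]
            sid = self.new_session()
        self.sessions[sid]["user"] = username
        return sid

    def whoami(self, sid):
        # Returns the logged-in user for sid, or None if sid is unknown/anonymous.
        return self.sessions.get(sid, {}).get("user")


def fixation_vectors(sid, host="bank.example"):
    """The three carriers STEP 2 can use to plant sid (host is a placeholder)."""
    return {
        "url": f"http://{host}/login?sessionid={sid}",
        "hidden_field": f'<input type="hidden" name="sessionid" value="{sid}">',
        "cookie": f"Set-Cookie: sessionid={sid}; Domain=.{host}; Path=/",
    }


def run_fixation_attack(regenerate_on_login):
    """Run the three-step attack and report what each party sees afterwards."""
    server = SessionStore(regenerate_on_login)

    # STEP 1 (session setup): the attacker obtains a valid session ID.
    trap_sid = server.new_session()

    # STEP 2 (session fixation): the attacker delivers trap_sid to the victim,
    # here via the URL-argument carrier; the victim follows it and logs in.
    link = fixation_vectors(trap_sid)["url"]
    victim_sid = link.split("sessionid=", 1)[1]
    victim_sid = server.login(victim_sid, "alice", USERS["alice"])

    # STEP 3 (session entrance): the attacker presents the ID they planted.
    return {
        "attacker_sees": server.whoami(trap_sid),
        "victim_sees": server.whoami(victim_sid),
    }


if __name__ == "__main__":
    print("no regeneration at login:", run_fixation_attack(False))
    print("regenerate ID at login:  ", run_fixation_attack(True))
```

Without regeneration the attacker's planted ID becomes the victim's authenticated session; with regeneration the victim keeps working under a fresh ID and the planted one is dead. Regenerating the ID at login addresses only section 5.1; the outline's other two countermeasures (denying the attacker a valid ID in the first place, and binding the ID to the client's network or browser properties) are separate controls and are not shown here.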