Glossary

SESSION FIXATION
defined.

An attack where an attacker forces a known session identifier on a victim, then waits for them to authenticate to gain access.

A–Z

What is Session Fixation?

Defence: regenerate the session ID at every authentication boundary (login, privilege change). Most modern frameworks do this automatically; verify yours does.

Related terms.

Where this shows up.

See our web application penetration testing, API security testing, network penetration testing, and cloud security audit services for how we test for and defend against this class of issue.

Test for this in your stack

BOOK A FREE
scoping call.

30-minute call with an OSCP-certified engineer. Tailored proposal in 24 hours.

Book Free Scoping Call →All Services