Session fixation is an attack that allows an attacker to hijack and take control of a valid user session. The attack exploits limitations in the way the web application manages the session ID. Using this session, the attacker can find different vulnerabilities. A server with this vulnerability allows an attacker to hijack valid user sessions. When authenticating a user for a session, the server doesn't assign a new session ID, which makes it possible to use an existing session ID. The attacker can hijack the user's validated session because the attacker knows the session ID in use.
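The behaviour described above, as an added example that is not code from the original page: a login handler that keeps the pre-login session ID, next to one that assigns a new ID at authentication. The `SessionStore` class, its method names and the user `alice` are assumptions constructed for illustration.

```python
import secrets


class SessionStore:
    """In-memory session table, session ID -> data (constructed for this example)."""

    def __init__(self):
        self._sessions = {}

    def create(self):
        # Issue an anonymous session, as a site does on the first request.
        sid = secrets.token_urlsafe(32)
        self._sessions[sid] = {"user": None}
        return sid

    def user_for(self, sid):
        session = self._sessions.get(sid)
        return session["user"] if session else None

    def login_vulnerable(self, sid, user):
        # Flaw: the ID that existed before login is kept and marked authenticated.
        self._sessions[sid]["user"] = user
        return sid

    def login_hardened(self, sid, user):
        # Drop the pre-login ID and bind the authenticated state to a fresh one.
        self._sessions.pop(sid, None)
        new_sid = secrets.token_urlsafe(32)
        self._sessions[new_sid] = {"user": user}
        return new_sid


def id_known_before_login_is_authenticated(login_name):
    """True if a session ID issued before login maps to the user after login."""
    store = SessionStore()
    pre_login_sid = store.create()
    post_login_sid = getattr(store, login_name)(pre_login_sid, "alice")
    # The legitimate user is logged in under whatever ID the handler returned.
    assert store.user_for(post_login_sid) == "alice"
    return store.user_for(pre_login_sid) == "alice"


if __name__ == "__main__":
    for name in ("login_vulnerable", "login_hardened"):
        print(name, id_known_before_login_is_authenticated(name))
```

The same check works as a regression test against a real application: record the session cookie before login, authenticate, and assert that the cookie value changed and the old value no longer resolves to the user.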
The impact includes:-
This vulnerability can be fixed by:-