Experiment with Session Fixation using Tomcat

Session Fixation is a security vulnerability in web sites. The scenario is this: The attacker creates a link in which the URL contains a session ID. The user follows the link and the web site platform uses the session ID. The user logs on, making that session authenticated. The attacker uses the session […]
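
As an added example (not code from the original post): a login servlet that closes off the scenario above by refusing a session ID that arrived in the URL and by issuing a new session ID at logon. It assumes Tomcat 10 or later (`jakarta.servlet`; use `javax.servlet` on older versions); the `/login` and `/home` paths, the parameter names and `credentialsValid` are hypothetical.

```java
// Added example, file LoginServlet.java. Assumes Tomcat 10+ (jakarta.servlet).
import jakarta.servlet.annotation.WebServlet;
import jakarta.servlet.http.HttpServlet;
import jakarta.servlet.http.HttpServletRequest;
import jakarta.servlet.http.HttpServletResponse;
import jakarta.servlet.http.HttpSession;
import java.io.IOException;

@WebServlet("/login") // hypothetical path
public class LoginServlet extends HttpServlet {

    @Override
    protected void doPost(HttpServletRequest req, HttpServletResponse res) throws IOException {
        // The link in the scenario carries the ID in the URL (;jsessionid=...).
        // A logon that arrives with such an ID is refused outright.
        if (req.isRequestedSessionIdFromURL()) {
            res.sendError(HttpServletResponse.SC_BAD_REQUEST, "Session ID in URL not accepted");
            return;
        }

        String user = req.getParameter("user");         // hypothetical parameter names
        String password = req.getParameter("password");
        if (!credentialsValid(user, password)) {
            res.sendError(HttpServletResponse.SC_UNAUTHORIZED);
            return;
        }

        // Discard the pre-logon session, including any attributes set on it,
        // so an ID known before authentication never becomes authenticated.
        HttpSession old = req.getSession(false);
        if (old != null) {
            old.invalidate();
        }

        // Bind the authenticated state to a freshly generated session ID.
        HttpSession fresh = req.getSession(true);
        fresh.setAttribute("user", user);
        res.sendRedirect(req.getContextPath() + "/home"); // hypothetical landing page
    }

    // Hypothetical hook: replace with the application's real credential check.
    // Fails closed until it is implemented.
    private boolean credentialsValid(String user, String password) {
        return false;
    }
}
```

Setting `<tracking-mode>COOKIE</tracking-mode>` under `<session-config>` in `web.xml` additionally stops the container from using URL-supplied session IDs for any request, not only the logon.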