Session fixation vulnerability in phpFreeChat 1.1 allows remote authenticated users to hijack web sessions by setting the session_id parameter to match the victim's nickid parameter.
https://exchange.xforce.ibmcloud.com/vulnerabilities/44116
http://www.securityfocus.com/bid/30462