Fixed HTTP Session Cookies
Medium Nessus Plugin ID 46201
Synopsis
The remote web application is affected by a session fixation vulnerability.
If the session cookie is already present before authentication, it remains unchanged after a successful login. A remote attacker can exploit this to hijack a valid user session.
Solution
Fix the application so that the session cookie is re-generated after successful authentication.
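The following is an added example, not part of the plugin text or of any particular application. It shows a login handler that keeps the pre-authentication session ID beside one that regenerates it, with a check for the condition described above. The `SessionStore` class, the `login` and `cookie_fixed_across_login` functions and the sample credentials are hypothetical names constructed for illustration.

```python
import secrets

USERS = {"alice": "correct horse"}  # constructed credentials for the example

class SessionStore:
    """In-memory server-side session table (hypothetical, for illustration)."""
    def __init__(self):
        self._sessions = {}

    def create(self, data=None):
        sid = secrets.token_urlsafe(32)  # unpredictable, server-generated ID
        self._sessions[sid] = dict(data or {})
        return sid

    def get(self, sid):
        return self._sessions.get(sid)

    def regenerate(self, old_sid):
        """Move the session data to a fresh ID and invalidate the old one."""
        return self.create(self._sessions.pop(old_sid, {}))

def login(store, cookie_sid, username, password, regenerate=True):
    """Return the session ID to set in the cookie, or None if login fails."""
    expected = USERS.get(username)
    if expected is None or not secrets.compare_digest(expected, password):
        return None
    if cookie_sid is None or store.get(cookie_sid) is None:
        cookie_sid = store.create()  # never adopt an ID the server did not issue
    if regenerate:
        cookie_sid = store.regenerate(cookie_sid)  # the fix from the Solution
    store.get(cookie_sid)["user"] = username
    return cookie_sid

def cookie_fixed_across_login(store, regenerate):
    """Report whether the pre-login cookie value survives authentication."""
    pre_auth = store.create()  # cookie issued before authentication
    post_auth = login(store, pre_auth, "alice", "correct horse", regenerate)
    return pre_auth == post_auth, store.get(pre_auth)

if __name__ == "__main__":
    store = SessionStore()
    print("no regeneration:", cookie_fixed_across_login(store, False))
    print("regeneration:  ", cookie_fixed_across_login(store, True))
```

With regeneration enabled, the pre-login ID no longer resolves to any session, so a value known before authentication cannot be used afterwards.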