Session Fixation
Definition
Session fixation is an attack in which an adversary sets or predicts a user's session identifier before authentication, then uses that session after the victim logs in. If an application keeps the same session ID across authentication state changes, an attacker who knows the pre-authentication ID ends up holding an authenticated session.
Prevention requires generating a new session identifier upon successful authentication.
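To make the difference concrete, here is an added illustration (not code from the original page or any real framework): a minimal in-memory session store with a fixation-prone login that authenticates the existing session in place, beside a hardened login that retires the pre-authentication identifier and issues a fresh one. The `SessionStore`, `Session` and `demo` names are assumptions made for this example.

```python
import secrets
from dataclasses import dataclass, field
from typing import Dict, Optional, Tuple


@dataclass
class Session:
    user: Optional[str] = None
    data: dict = field(default_factory=dict)  # non-sensitive pre-auth state


class SessionStore:
    """Toy in-memory session store (illustrative only, not a real framework)."""

    def __init__(self) -> None:
        self._sessions: Dict[str, Session] = {}

    def create(self) -> str:
        # 256 bits from the OS CSPRNG: unpredictable identifiers are necessary
        # but, on their own, do not stop fixation if the id is never rotated.
        sid = secrets.token_urlsafe(32)
        self._sessions[sid] = Session()
        return sid

    def is_authenticated(self, sid: str) -> bool:
        s = self._sessions.get(sid)
        return s is not None and s.user is not None

    def login_fixation_prone(self, sid: str, user: str) -> str:
        # Vulnerable pattern: the pre-auth id is simply marked authenticated,
        # so anyone who already knew `sid` now holds an authenticated session.
        self._sessions[sid].user = user
        return sid

    def login_rotating(self, sid: str, user: str) -> str:
        # Hardened pattern: drop the old id, mint a new one, carry over only
        # state that is safe to keep, and bind the user to the new id.
        old = self._sessions.pop(sid, None)
        new_sid = self.create()
        self._sessions[new_sid].user = user
        if old is not None:
            self._sessions[new_sid].data = old.data
        return new_sid


def demo(rotate: bool) -> Tuple[bool, bool]:
    """Return (pre-auth id still valid?, id issued at login valid?)."""
    store = SessionStore()
    pre_auth_sid = store.create()  # id that exists before the victim logs in
    login = store.login_rotating if rotate else store.login_fixation_prone
    post_login_sid = login(pre_auth_sid, "alice")
    return store.is_authenticated(pre_auth_sid), store.is_authenticated(post_login_sid)
```

Running `demo(rotate=False)` shows the pre-authentication id remains valid after login, which is exactly the window a fixation attack relies on; `demo(rotate=True)` shows the old id is rejected while the freshly issued one works.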