SESSION FIXATION
Session Fixation:
Whenever a visitor first visits a page in your application that calls session_start(), a session is created for that user. PHP generates a random session identifier to identify the user (you can see it with session_id()), also known as the session token, and then sends a Set-Cookie header to the client. By default the cookie is named PHPSESSID, but you can change the name in php.ini or with the session_name() function. On subsequent visits the client presents the cookie to identify the user, and this is how the application maintains state.
It is possible to set the session identifier manually through the query string, forcing the use of a particular session. This simple attack is called session fixation because the attacker fixes the session in advance. It is most commonly carried out by creating a link to your application with the session identifier the attacker wishes to assign to any user who clicks it appended.
<a href="http://yoursite.com/index.php?PHPSESSID=123456">Fix the session</a>
By clicking the link above, the user adopts the session identifier chosen by the attacker, and a would-be attacker could gain access to that user's protected session, credentials and so on. If the user logs in while using the provided session identifier, the attacker may be able to ride on the same session and gain access to the user's account. This is why session fixation is sometimes referred to as session riding.
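The following is an added example, not code from the original post, showing a PHP login handler that keeps the attacker-chosen identifier next to one that defends against fixation. The ini options are real PHP session settings; check_credentials() is a hypothetical stand-in for the application's own user lookup, and the stored hash is constructed for the demo.

```php
<?php
// Session settings must be applied before session_start().
ini_set('session.use_only_cookies', '1');   // ignore ?PHPSESSID=... in the query string
ini_set('session.use_trans_sid', '0');      // never rewrite the id into links or forms
ini_set('session.use_strict_mode', '1');    // reject ids the server itself never issued
ini_set('session.cookie_httponly', '1');    // keep the cookie out of reach of page scripts
ini_set('session.cookie_secure', '1');      // send the cookie only over HTTPS
ini_set('session.cookie_samesite', 'Lax');

session_start();

// Hypothetical credential check; a real application consults its user store.
function check_credentials(string $user, string $password): bool
{
    static $hash = null;
    if ($hash === null) {
        $hash = password_hash('correct horse battery staple', PASSWORD_DEFAULT); // constructed
    }
    return $user === 'alice' && password_verify($password, $hash);
}

// Fixation-prone pattern: login keeps whatever session id the browser arrived with,
// so an id planted through a link becomes an authenticated session.
function login_fixation_prone(string $user, string $password): bool
{
    if (!check_credentials($user, $password)) {
        return false;
    }
    $_SESSION['user'] = $user;
    return true;
}

// Hardened pattern: issue a fresh id the moment the privilege level changes.
function login_hardened(string $user, string $password): bool
{
    if (!check_credentials($user, $password)) {
        return false;
    }
    // Replace the id and delete the old session data on the server, so the id in
    // the attacker's link never points at an authenticated session.
    session_regenerate_id(true);
    $_SESSION['user'] = $user;
    $_SESSION['auth_time'] = time();
    return true;
}
```

The same regeneration belongs at every privilege change (login, password change, role elevation), and session_regenerate_id(true) should be paired with the strict-mode setting so a stale or forged id is never silently accepted.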