Authentication

Session Fixation

An attack where an attacker sets a user's session ID to a known value.

Session fixation occurs when an app accepts a session ID from URL parameters or POST data without regenerating it after login. An attacker forces a known session ID on a victim, then hijacks the session after the victim logs in.
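The difference between keeping and regenerating the session ID at login, shown as an added Python example (not code from Vezraa). `SessionStore`, its methods and `fixation_outcome` are hypothetical names, and the in-memory dictionary stands in for a real framework's session backend.

```python
import secrets


class SessionStore:
    """In-memory server-side session table (hypothetical, for illustration)."""

    def __init__(self):
        self._sessions = {}  # session ID -> {"user": str or None}

    def open(self, presented_id=None):
        """Return the session ID for a request, creating an anonymous one if needed."""
        # Strict mode: an ID the server did not issue is never adopted.
        if presented_id in self._sessions:
            return presented_id
        sid = secrets.token_urlsafe(32)
        self._sessions[sid] = {"user": None}
        return sid

    def login_vulnerable(self, sid, user):
        """Flawed: the pre-login ID survives authentication unchanged."""
        self._sessions[sid]["user"] = user
        return sid

    def login_hardened(self, sid, user):
        """Fixed: invalidate the pre-login ID and issue a fresh one at login."""
        data = self._sessions.pop(sid)
        data["user"] = user
        new_sid = secrets.token_urlsafe(32)
        self._sessions[new_sid] = data
        return new_sid

    def user_for(self, sid):
        """Return the user bound to a session ID, or None if unknown or anonymous."""
        session = self._sessions.get(sid)
        return session["user"] if session else None


def fixation_outcome(login_method):
    """Return (user bound to the pre-login ID, user bound to the post-login ID)."""
    store = SessionStore()
    known_id = store.open()             # ID already known to a third party
    victim_sid = store.open(known_id)   # victim's browser presents that same ID
    post_login_sid = getattr(store, login_method)(victim_sid, "alice")
    return store.user_for(known_id), store.user_for(post_login_sid)
```

With `login_vulnerable` the known ID ends up bound to the logged-in user; with `login_hardened` it resolves to no session at all.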
