Authentication
Session Fixation
An attack where an attacker sets a user's session ID to a known value.
Session fixation occurs when an app accepts a session ID from URL parameters or POST data without regenerating it after login. The attacker forces a known session ID on a victim, then hijacks the session once the victim logs in.
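The difference between the weak and the corrected behaviour, as an added example that is not from the original page: a toy in-memory session table (the `SessionStore` class, its methods and the sample ID are all hypothetical) that either adopts a client-supplied ID and keeps it across login, or issues its own IDs and replaces the ID at login.

```python
import secrets

class SessionStore:
    """Toy in-memory session table: session ID -> username (None = anonymous)."""

    def __init__(self, hardened):
        self.hardened = hardened
        self.sessions = {}

    def open_session(self, client_sid=None):
        """Create the anonymous pre-login session for a first request."""
        if self.hardened or not client_sid:
            # Corrected: only server-generated IDs ever enter the table.
            sid = secrets.token_urlsafe(32)
        else:
            # Weak: adopt the ID that arrived in the URL or POST data.
            sid = client_sid
        self.sessions[sid] = None
        return sid

    def login(self, sid, username):
        """Authenticate the session; return the ID the client must use next."""
        if sid not in self.sessions:
            raise KeyError("unknown session")
        if self.hardened:
            # Corrected: retire the pre-login ID and issue a fresh one.
            del self.sessions[sid]
            sid = secrets.token_urlsafe(32)
        self.sessions[sid] = username
        return sid

    def whoami(self, sid):
        return self.sessions.get(sid)


def fixed_id_outcome(hardened):
    """Return (pre-login ID is authenticated, post-login ID is authenticated)."""
    store = SessionStore(hardened)
    # Constructed sample value standing in for an ID known before login.
    known_sid = store.open_session(client_sid="constructed-known-id")
    new_sid = store.login(known_sid, "alice")
    return store.whoami(known_sid) == "alice", store.whoami(new_sid) == "alice"


if __name__ == "__main__":
    print("weak app:    ", fixed_id_outcome(hardened=False))
    print("hardened app:", fixed_id_outcome(hardened=True))
```

In the hardened case the pre-login ID no longer resolves to any user after login, so knowing it beforehand gives no access to the authenticated session.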