Session Fixation is a vulnerability in which an attacker sets (fixes) a victim's Session Identifier (SID) to a value the attacker already knows, before the victim logs in. If the application keeps using that SID once the victim authenticates, the attacker can present the same SID and take over the authenticated session, gaining access to the victim's private information.
For example:
Jason has determined that his neighbor Joe's bank site, http://mybank.com, is susceptible to session fixation because it accepts a session identifier from the URL. Jason sends Joe an email containing a link to the bank that sets the SID to a value known to him: http://mybank.com?SID=12345. Joe, trusting his neighbor, clicks the link and signs in to his account. Because the site keeps the same SID across login, Jason can now use the link he sent Joe to access Joe's account.
Prevention:
The attack is defeated by issuing a new SID whenever the user's privilege level changes, most importantly at login (and again on logout or on any escalation of privilege). Even if Joe clicks the link Jason sent, the site generates a fresh SID for him the moment he authenticates; Jason only knows the old, pre-login value, which no longer maps to Joe's session. As further hardening, the application should not accept session identifiers from URL parameters at all, should honour only SIDs it issued itself rather than adopting arbitrary client-supplied values, and should carry the SID in a cookie flagged HttpOnly and Secure.
Pseudo code [PHP]:
    <?php
    // Session handling must already be active before the ID can be regenerated.
    session_start();

    function authenticate(): bool {
        // Read the submitted credentials
        $user_name = $_POST['user_name'] ?? '';
        $password  = $_POST['password'] ?? '';

        // Validate the credentials (validateUser() is the application's own check)
        if (!validateUser($user_name, $password)) {
            return false;
        }

        // Regenerate the session ID and delete the old session data, so a SID
        // fixed before login (e.g. from ?SID=12345) no longer maps to this session
        session_regenerate_id(true);
        $_SESSION['user_name'] = $user_name;
        return true;
    }
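To make the difference between the two behaviours concrete, here is an added Python simulation (example code written for this page, not the page's PHP and not any real framework's code). It models a server-side session store, a login routine that keeps the client-presented SID across authentication, and a hardened login that regenerates the SID at login the way session_regenerate_id(true) does. The store, the USERS table, the password, and the function names are all constructed for the example. The replay covers both the case where Jason simply makes up the SID (12345) and the case where he first visits the site to obtain a SID the server itself issued, which is what an attacker does against a site that refuses unknown SIDs but still does not regenerate on login.

```python
import hmac
import secrets

# Constructed credential table for the simulation (not real users).
USERS = {"joe": "correct horse battery staple"}


def check_password(username, password):
    """Constant-time credential check against the constructed table."""
    expected = USERS.get(username)
    return expected is not None and hmac.compare_digest(expected, password)


class SessionStore:
    """In-memory SID -> session-data map standing in for a framework's
    session back end. Constructed for this example."""

    def __init__(self):
        self.sessions = {}

    def new_session(self):
        """Issue a fresh, unpredictable SID (what the server does on first visit)."""
        sid = secrets.token_hex(16)
        self.sessions[sid] = {"user": None}
        return sid

    def lookup(self, sid):
        return self.sessions.get(sid)


def login_vulnerable(store, presented_sid, username, password):
    """Keeps whatever SID the client presented across authentication.
    Returns the SID the client should keep using, or None on failure."""
    session = store.lookup(presented_sid)
    if session is None:
        # Adopts any client-supplied SID (e.g. from ?SID=12345).
        session = store.sessions.setdefault(presented_sid, {"user": None})
    if not check_password(username, password):
        return None
    session["user"] = username
    return presented_sid


def login_hardened(store, presented_sid, username, password):
    """Same contract, but the SID is regenerated when privilege changes."""
    if not check_password(username, password):
        return None
    # Destroy the pre-login session and issue a fresh SID after authentication
    # (the equivalent of PHP's session_regenerate_id(true)).
    store.sessions.pop(presented_sid, None)
    new_sid = store.new_session()
    store.sessions[new_sid]["user"] = username
    return new_sid


def attacker_reads_account(login, sid_is_server_issued):
    """Replay the Jason/Joe scenario and report whether the SID Jason planted
    resolves to Joe's authenticated session after Joe logs in."""
    store = SessionStore()
    if sid_is_server_issued:
        fixed_sid = store.new_session()   # Jason visits the site to obtain a valid SID
    else:
        fixed_sid = "12345"               # Jason makes one up, as in the emailed link
    # Joe follows http://mybank.com?SID=<fixed_sid> and signs in.
    login(store, fixed_sid, "joe", "correct horse battery staple")
    # Jason now presents the SID he planted.
    session = store.lookup(fixed_sid)
    return session is not None and session["user"] == "joe"


if __name__ == "__main__":
    for issued in (False, True):
        print("vulnerable, server-issued SID" if issued else "vulnerable, made-up SID",
              attacker_reads_account(login_vulnerable, issued))
        print("hardened,   server-issued SID" if issued else "hardened,   made-up SID",
              attacker_reads_account(login_hardened, issued))
```

With the vulnerable login the planted SID resolves to Joe's logged-in session in both variants; with the hardened login it resolves to nothing, because the only SID that now carries Joe's identity was minted after authentication and never left the server-to-Joe channel. Refusing unknown SIDs (the `setdefault` adoption in `login_vulnerable`) is worthwhile hardening on its own, but as the server-issued variant shows, it is regeneration at login that actually closes the attack.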