Linux - Preventing logins to a chosen session, Session fixation attacks
Preventing logins to a chosen session
There is one common denominator to all session fixation attacks and scenarios:
The user logs in to a session with an attacker-chosen ID instead of being issued a newly generated session ID by the server. There seems to be no compelling reason for web applications to explicitly allow this; it looks more like a side effect of current implementations. We therefore propose forcefully preventing logins to a chosen session: web applications must ignore any session ID provided by the user's browser at login and must always generate a new session, to which the user is logged in if successfully authenticated.
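The rule above, as an added example that is not part of the original post: a login handler that adopts the browser-supplied session ID, next to one that discards it and issues a server-generated ID. The in-memory `SESSIONS` and `USERS` stores, the function names and the demo credential are assumptions made for the illustration.

```python
import hmac
import secrets

# Constructed in-memory stores for the example (hypothetical names).
SESSIONS = {}                       # session_id -> {"user": str | None}
USERS = {"alice": "correct horse"}  # constructed demo credential


def new_session_id():
    # 256 bits from the OS CSPRNG; the client never chooses this value.
    return secrets.token_urlsafe(32)


def check_password(username, password):
    # Simplification: a real application compares against a password hash.
    expected = USERS.get(username)
    return expected is not None and hmac.compare_digest(expected.encode(), password.encode())


def login_adopting_client_id(presented_sid, username, password):
    """The behaviour the text warns about: log in to whatever ID the browser sent."""
    if not presented_sid or not check_password(username, password):
        return None
    SESSIONS[presented_sid] = {"user": username}
    return presented_sid


def login_with_fresh_session(presented_sid, username, password):
    """The proposed rule: ignore the presented ID and always issue a new one."""
    if not check_password(username, password):
        return None
    # Drop any pre-login session tied to the presented ID so it can never
    # become authenticated, then bind the user to a server-generated ID.
    SESSIONS.pop(presented_sid, None)
    sid = new_session_id()
    SESSIONS[sid] = {"user": username}
    return sid


def authenticated_user(sid):
    return (SESSIONS.get(sid) or {}).get("user")
```

With the second handler, the ID the browser presented at login is never associated with the authenticated user, whatever its origin.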
The topic "Linux - Preventing logins to a chosen session" was posted by Malu.