A session fixation attack is designed to force the session ID of a client to an explicit, known value.
Session fixation allows intruders to intercept authenticated sessions or to create new sessions and to capture the session identifier.
Authenticating a user at the server without first invalidating existing sessions can lead to what is termed session fixation.