2202d Web Security: Session Fixation Attack
problem:
session fixation
attack:
open the page as the attacker, without logging in; the application already hands out a session token and carries it in the URL
send the victim a link that contains this attacker-known token (
https://glocken.hacking-lab.com/12001/url_case3/url3/controller?action=pay&AValue=dJBvKBqrxmNZ21vhhNxY9A==)
victim opens the link and authenticates; the application binds the login to the token the attacker already holds
reload the page as the attacker with the same token to get access to the victim's account
mitigation:
establish the session on login, not before: issue a fresh session identifier once the user has authenticated and invalidate the pre-authentication one (do the same on any later privilege change)
additionally, accept the session identifier only from a cookie, never from a URL parameter or form field, so an attacker cannot plant one through a link
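To make the attack steps and the mitigation concrete, here is an added example that simulates a fixation-prone login handler next to one that establishes the session only on login; it is not code from the hacking-lab exercise. The in-memory SessionStore, the class and function names, the demo username and password, and the treatment of the URL token as a plain session id are all assumptions made for the demo.

```python
import secrets

# Constructed demo credentials, not anything from the hacking-lab exercise.
PASSWORDS = {"victim": "correct horse battery staple"}


class SessionStore:
    """In-memory session table: session id -> {"user": username or None}."""

    def __init__(self):
        self.sessions = {}

    def create(self):
        sid = secrets.token_urlsafe(16)
        self.sessions[sid] = {"user": None}
        return sid

    def get(self, sid):
        return self.sessions.get(sid)

    def destroy(self, sid):
        self.sessions.pop(sid, None)


class VulnerableApp:
    """Accepts the session id from the URL (what the AValue parameter in the
    note appears to be) and keeps that same id valid across login."""

    def __init__(self):
        self.store = SessionStore()

    def open_page(self, sid=None):
        # A request without a usable session id gets a fresh, unauthenticated one
        if sid is None or self.store.get(sid) is None:
            sid = self.store.create()
        return sid

    def login(self, sid, username, password):
        sid = self.open_page(sid)
        if PASSWORDS.get(username) != password:
            return sid, False
        # Bug: the pre-auth id (possibly attacker-chosen) is promoted to authenticated
        self.store.get(sid)["user"] = username
        return sid, True

    def whoami(self, sid):
        session = self.store.get(sid)
        return session["user"] if session else None


class HardenedApp(VulnerableApp):
    """Same app, but the session is established on login, not before:
    the pre-auth id is discarded and a new one is issued after authentication."""

    def login(self, sid, username, password):
        if PASSWORDS.get(username) != password:
            return sid, False
        self.store.destroy(sid)          # whatever id arrived with the request dies here
        new_sid = self.store.create()    # fresh id the attacker never saw
        self.store.get(new_sid)["user"] = username
        return new_sid, True


def run_attack(app):
    """Replays the four steps of the note and returns whose account the
    attacker's token resolves to afterwards (None means the attack failed)."""
    attacker_sid = app.open_page()                       # 1. open page, receive a token
    link_sid = attacker_sid                              # 2. token embedded in the link sent to victim
    victim_sid, ok = app.login(link_sid, "victim",       # 3. victim authenticates via that link
                               PASSWORDS["victim"])
    assert ok, "demo login should succeed"
    return app.whoami(attacker_sid)                      # 4. attacker reloads with the original token


if __name__ == "__main__":
    print("vulnerable:", run_attack(VulnerableApp()))   # victim
    print("hardened:  ", run_attack(HardenedApp()))     # None
```

Only the regeneration part of the mitigation is modelled here; a real hardened handler would in addition read the session id solely from a cookie and ignore anything supplied in the query string.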