Macrotone Blogs

Macrotone blogs upon Joomla, our products and other matters.

Session Fixation Protection

Came across an interesting article on Session Fixation Protection [requires registration].  In essence a session fixation is a vulnerability caused by incorrectly handling user sessions in a Web application. A user’s session is usually tracked by a cookie, which is assigned when the user visits the page with the Web application for the first time. The problem occurs when this cookie does not change for the duration of the browsing session; users authenticate and log out, but their session cookie remains the same. This is often the default behaviour of an application.

Whilst understanding the problem, I tend to wonder just how much of a problem it actually is in real life.

The only solution is correct coding of the Web application, always assigning a new cookie immediately after a user has authenticated on a site.

Go To Top

Joomla! Debug Console

Session

Profile Information

Memory Usage

Database Queries