This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org

Difference between revisions of "Session Fixation in Java"

From OWASP
Jump to: navigation, search
(New page: ==Overview of Session Fixation== A detailed overview on session fixation can be found here: Session Fixation ==Countermeasures== * Session ID should be regenerated after login, and ...)
(No difference)

Revision as of 19:44, 5 March 2007

Overview of Session Fixation

A detailed overview on session fixation can be found here: Session Fixation

Countermeasures

  • Session ID should be regenerated after login, and switching in and out of SSL
 session.invalidate();
 session=request.getSession(true);
  • Disable URL rewriting
Retrieved from "https://wiki.owasp.org/index.php?title=Session_Fixation_in_Java&oldid=16966"