Cornucopia - Ecommerce Website - SM A
Suit: Session management
You have invented a new attack against Session Management
Players can discuss any type of Session Management (SM) attack they think might be possible against the assessment target. It does not matter if the attack relates to another SM card, but if possible try to identify an attack that is fairly unique to the application/functionality/users.
Read more about this topic in OWASP’s free Cheat Sheets on Session Management, and Cross Site Request Forgery (CSRF) Prevention