Session fixation

Steps to reproduce

  1. Open

  2. Open browser devtools.

  3. Get the value of the SESSION cookie.

  4. Open in the incognito tab.

  5. In the incognito tab, change the cookie value to the one obtained in step 3.

  6. In the normal tab (the one from steps 1-3), log in as any user.

  7. Refresh the page in the incognito tab.


You are now logged in as the user from step 6 in the incognito tab as well.
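
The steps work because the SESSION value issued before login stays valid after login. The following is an added example, not the application's code: the in-memory store, the function names and the user name "alice" are assumptions, and it models the reported behaviour next to the usual fix of issuing a fresh identifier at authentication.

```python
import secrets


class SessionStore:
    """In-memory stand-in for a server-side session store (assumed design)."""

    def __init__(self):
        self._sessions = {}

    def create(self):
        # Anonymous session handed out on the first request.
        sid = secrets.token_urlsafe(32)
        self._sessions[sid] = {"user": None}
        return sid

    def user_for(self, sid):
        return self._sessions.get(sid, {}).get("user")

    def login_keep_id(self, sid, user):
        # Behaviour the report describes: the pre-login SESSION value is
        # reused, so every holder of that value becomes authenticated.
        self._sessions[sid]["user"] = user
        return sid

    def login_rotate_id(self, sid, user):
        # Fix: invalidate the pre-login identifier and bind the
        # authenticated state to a freshly generated one.
        data = self._sessions.pop(sid, {})
        new_sid = secrets.token_urlsafe(32)
        data["user"] = user
        self._sessions[new_sid] = data
        return new_sid


def second_tab_sees_user(login):
    """Replay steps 1-7: both tabs hold the same pre-login SESSION value."""
    store = SessionStore()
    shared = store.create()                 # steps 1-5: cookie copied to tab 2
    getattr(store, login)(shared, "alice")  # step 6: normal tab logs in
    return store.user_for(shared)           # step 7: incognito tab refreshes


if __name__ == "__main__":
    print("keep id  :", second_tab_sees_user("login_keep_id"))
    print("rotate id:", second_tab_sees_user("login_rotate_id"))
```

A regression test for the fix can assert the same thing against the real application: the SESSION cookie value after a successful login differs from the one before it, and the old value no longer resolves to a user.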

