Session Fixation in gunet/openeclass
Sep 29th 2021
The cookie is the same before and after user login.
Proof of Concept
// PoC.js
1. Load website in a new browser
2. Get cookie before login
3. Login to website
4. Get cookie after login
Compare those 2 values
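The comparison in the steps above can be run offline as a regression check in Node.js; this is an added example, not code from the original report or from openeclass. The cookie name `PHPSESSID` (PHP's default) and all header values are constructed assumptions.

```javascript
// Added example: does the login response rotate the session id?
// All header values below are constructed samples, not captured from openeclass.

// Parse Set-Cookie header lines into a Map of cookie name -> value.
function parseSetCookie(headers) {
  const jar = new Map();
  for (const line of headers) {
    const pair = line.split(';')[0];          // drop attributes (path, HttpOnly, ...)
    const eq = pair.indexOf('=');
    if (eq > 0) jar.set(pair.slice(0, eq).trim(), pair.slice(eq + 1).trim());
  }
  return jar;
}

// Compare the id issued before login with what the login response issues.
// Returns 'rotated', 'unchanged' (the finding in this report), or
// 'missing' when no session cookie was set before login.
function checkRotation(preLoginHeaders, loginResponseHeaders, name) {
  const before = parseSetCookie(preLoginHeaders).get(name);
  if (before === undefined) return 'missing';
  const issued = parseSetCookie(loginResponseHeaders).get(name);
  // No new Set-Cookie at login means the browser keeps sending the old id.
  const after = issued === undefined ? before : issued;
  return after === before ? 'unchanged' : 'rotated';
}

const SESSION_COOKIE = 'PHPSESSID'; // assumption: PHP's default session cookie name

// Constructed sample: login response sets no new session cookie.
const unchangedCase = {
  pre: ['PHPSESSID=aaaa1111; path=/; HttpOnly'],
  login: ['lang=en; path=/'],
};
// Constructed sample: login response issues a fresh id.
const rotatedCase = {
  pre: ['PHPSESSID=aaaa1111; path=/; HttpOnly'],
  login: ['PHPSESSID=bbbb2222; path=/; HttpOnly'],
};

console.log(checkRotation(unchangedCase.pre, unchangedCase.login, SESSION_COOKIE));
console.log(checkRotation(rotatedCase.pre, rotatedCase.login, SESSION_COOKIE));
```
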
Through other attack methods such as XSS, the attacker can store the user's cookies and access them later.