Attacking Session Tracking
Mechanisms
¨
Attacker changes his session ID to a value
assigned to another user
–
Application thinks that attacker is the other user
–
¨