Attacking Session Tracking Mechanisms
¨Attacker changes his session ID to a value assigned to another user
–Application thinks that attacker is the other user
–
¨