PHP Security: Preventing Session Fixation

Jul 27, 2009 - by kurinchilamp / Linux Server
Session fixation is a method by which an intruder creates a session ID that is carried along when a user arrives through the intruder's link and continues his/her activity on a website. For example, an intruder may create a link to a site called samplesite.com as <a href="http://samplesite.com/cart.php?PHPSESSID=Ax23mDud">Sample Site</a>. When a user clicks on this link, the session ID is carried over to the site 'samplesite.com'. The intruder waits for the user to start a transaction on the site and then takes over vital details by intruding on the user's activity on samplesite.com. (more…)

What is the difference between a Cookie and a Session?

Jan 12, 2009 - by kurinchilamp
A cookie is a text file that is stored on the client as name => value pairs so that the server can identify subsequent requests from that client. The maximum size of a cookie file is 4k, and it is stored on the client's hard disk. Cookies are used as a mechanism to establish state and to track user behavior. (more…)