| But you have already stored the IP address of the attacker who
| created the session.
It sounds like you think about "Session Fixation", as described by
Mitja Kolsek in 2002. With "Session Riding" (or "Web Trojans"), the
attacker need not visit the target web site at all.
| But you have already stored the IP address of the attacker who
| created the session.
It sounds like you think about "Session Fixation", as described by
Mitja Kolsek in 2002. With "Session Riding" (or "Web Trojans"), the
attacker need not visit the target web site at all.
S...
[ more ]