Session replay vs session commit vs session hijack

Hi guys, can anyone clearly explain the difference between session fixation, session retry and session capture attacks? I have read a lot of articles, but the difference between session capture and re-session attacks is still not clear to me.

Thanks in advance

+4
1 answer

Both commit and capture ultimately have one and the same goal - to gain access to the session. They differ only in how you achieve it.

- , cookie. ( MITM), , .

, - cookie . , , -, cookie , , , , cookie, , . , , , - , .

Replay ...

cookie ( ), cookie , .
( cookie ). , , .

. "cookie cookie" , , , , .

:

  • TLS (HTTPS) MITM , , . Secure , (.. https://).
  • HTTPOnly cookie, , , JavaScript cookie. JS cookie, , ( ), .
  • , (, , - ), . .
  • cookie , , .
+3

Source: https://habr.com/ru/post/1676222/

