+1 vote
107 views
in PHP by (87.1k points)
An attacker somehow obtains an unsuspecting user’s SID and then using it to impersonate the user in order to gain potentially sensitive information. This attack is known as __________

(a) session-fixation

(b) session-fixing

(c) session-hijack

(d) session-copy

I got this question in final exam.

Asked question is from Session Handling-2 topic in chapter File and Session Handling in PHP of PHP

1 Answer

+1 vote
by (103k points)
selected by
 
Best answer
The correct option is (a) session-fixation

To explain I would say: The attack session fixation attempts to exploit the vulnerability of a system that allows one person to set another person’s session identifier. You can minimize this risk by regenerating the session ID on each request while maintaining the session-specific data. PHP offers a convenient function named session_regenerate_id() that will replace the existing ID with a new one.

Related questions

Welcome to TalkJarvis QnA, a question-answer community website for the people by the people. On TalkJarvis QnA you can ask your doubts, curiosity, questions and whatever going in your mind either related to studies or others. Experts and people from different fields will answer.

Most popular tags

biology – class 12 biology – class 11 construction & building materials chemistry – class 12 electronic devices & circuits network theory data structures & algorithms ii cell biology ic engine insurance finance money computational fluid dynamics engineering physics i discrete mathematics chemistry – class 11 aerodynamics casting-forming-welding i engineering mathematics operating system casting-forming-welding ii engineering drawing mysql engineering geology digital circuits wireless mobile energy management electrical measurements digital communications cyber security analytical instrumentation embedded systems electric drives cytogenetics advanced machining computer fundamentals life sciences basic civil engineering iot design of electrical machines physics – class 12 applied chemistry dairy engineering basic chemical engineering cloud computing microprocessor bioinformatics aircraft design aircraft maintenance software engineering drug biotechnology digital signal processing biochemistry data structures & algorithms i automotive engine design avionics engineering material & metallurgy energy engineering cognitive radio unix electrical machines biomedical instrumentation object oriented programming electromagnetic theory power electronics analog communications bioprocess engineering civil engineering drawing engineering metrology physics – class 11 mathematics – class 12 engineering chemistry i basic electrical engineering unit processes mongodb signals and systems cryptograph & network security hadoop mathematics – class 11 engineering physics ii html control systems engineering mechanics antennas analog circuits computer network java sql server javascript concrete technology chemical process calculation artificial intelligence design of steel structures c++ database management computer architecture engineering chemistry ii corrosion engineering chemical technology dc machines
...