如何保护我的网站免受会话固定? [英] How to protect my site from session fixation?

问题描述

当前，我们面临有关会话固定的问题.我们确实有一个受保护的网站，即Https，并且没有针对它的身份验证.这意味着它具有匿名访问权限. 因此，我们面临着来自黑客的会话固定问题.有人可以帮助和指导吗???

Currently we are facing a problem regarding session fixation. We do have one site which is secured i.e. Https and there is no authentication for it. It means it has anonymous access. So, we are facing session fixation problem from hacker. Can someone help and guide on this????

推荐答案

您应该在此处找到所需的信息:

You should find the information you need here:

OWASP -有关会话修复的信息

OWASP - information about Session Fixation

ASP.NET中的会话修复漏洞-ASP.NET中的会话修复

Session Fixation Vulnerability in ASP.NET - Session Fixation in ASP.NET

这篇关于如何保护我的网站免受会话固定?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！