Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

Session Fixation VS XSRF/CSRF

Tags:

security

php

session

owasp

What defines the two respectively?

Session fixation is described as:

Session Fixation is an attack that permits an attacker to hijack a valid user session. The attack explores a limitation in the way the web application manages the session ID, more specifically the vulnerable web application.`

The Source: OWASP

Which seems rather close to what CSRF exploits. What distinguishes the two from eachother or is Session fixation simply a synonym or a branch coming from CSRF?

Would also like to mention that key terminology coming from the OWASP link I provided is almost identical to those mentioned in CSRF

like image 246
Juxhin Avatar asked Mar 18 '15 13:03

Juxhin

1 Answers

No, it is not a synonym. Session Fixation and CSRF are two different attacks.

Session fixation is a class of Session Hijacking. Attacker tries to steal, guess or fix session id, then use it and log in on target website as victim. It could be done many ways. Basic protection is if app uses httpOnly flag, does not transfer session id in url (session.use_trans_sid=0, session.use_only_cookies=1) and takes care of XSS vulnerabilities.

CSRF is another kind of attack. Attacker does not want victim session id but rather causing the victim to perform an action on server where victim is properly logged in. So the victim performs malicious action itself but does not know about it. How? Victim loads a page somewhere that contains malicious link in html (ie. img src) or target website contains XSS vulnerability and it is good point for loading external malicious javascript and issuing ajax requests.

Standard protection is CSRF token. It is another token (next of session id) that is included in each sensitive request. Attacker should not know current CSRF token for particular user and can not prepare malicious link or ajax request. CSRF token should be unique for each session. Sensitive requests are form submissions, deleting/setting of something (permission etc.). So app does not have to protect absolutely each request. It also is not good idea to transmit CSRF token in URL.

Look at OWASP for more info to CSRF.

like image 186
kba Avatar answered Oct 09 '22 23:10

kba
Sign in to Comment

Related questions

Curl to HTTPS stop working with Nginx + php-fpm
PHP money_format not working
php parse error explode
Maximum length allowed in GROUP_CONCAT ? How to pass it?
Session variables lost between pages [duplicate]
Cloudflare redirect subdomain to directory
WooCommerce checkout layout
Is php.ini upload_max_filesize combined?
Doctrine 2 select count groupBy
sqlsrv drivers doesn't appear on a WAMP server phphinfo() after adding the extension entries in the php.ini file
PHP SET default argument in function as static variable
FOSRestBundle: partial response in function of attributes asked in the request
Restricting certain routes access to localhost in Laravel
How to obtain location from ipinfo.io in PHP?
How to fix "could not open socket in Zend Mail (Zend Framework 2)
Online and offline synchronization
Validate field input is string laravel
Laravel 5 view not found
Laravel 5: Using SHA1 instead of Bcrypt
Reset GridView filter

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!