Intermediate PHP
Q68 / 100

What is PHP's session fixation vulnerability?

The correct answer is B) When an attacker forces a known session ID on a user, then authenticates as them after login

Explanation

Fix session fixation by calling session_regenerate_id(true) after login to assign a new session ID, invalidating any pre-login ID set by an attacker.
