ANILBABU

Reputation: 295

How to fix Session fixation issue in Web Application

How can we fix the session fixation issue in a web application where I am logging in to the application using OpenAM?

Please give some suggestions.

Any help would be appreciated.

Thanks in advance.

Upvotes: 1

Views: 2458

Answers (1)

seenukarthi

Reputation: 8624

To mitigate session fixation, after a successful login invalidate the current session and create a new session.

The flow will be

  1. After successful login store the user information temporarily
  2. Invalidate the current session
  3. Create a new session
  4. Copy the user information to the new session.

This way session fixation can be avoided.

Upvotes: 2
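
The four steps from the answer above, as an added example that is not part of the original answer: a framework-independent Python model of a server-side session store. `SessionStore`, `login` and `demo` are hypothetical names, and the credential check is constructed for the demo.

```python
import secrets


class SessionStore:
    """Minimal in-memory server-side session store (hypothetical, for illustration)."""

    def __init__(self):
        self._sessions = {}

    def create(self):
        sid = secrets.token_urlsafe(32)  # unpredictable, server-generated ID
        self._sessions[sid] = {}
        return sid

    def get(self, sid):
        return self._sessions.get(sid)  # None if unknown or invalidated

    def invalidate(self, sid):
        self._sessions.pop(sid, None)


def login(store, presented_sid, username, password, check_credentials):
    """Authenticate, then rotate the session ID (steps 1-4 of the answer).

    Returns the new session ID, or None if authentication fails.
    """
    if not check_credentials(username, password):
        return None
    # 1. Store the user information temporarily.
    user_info = {"user": username}
    # 2. Invalidate the session the browser presented; its ID may have been
    #    set by someone other than the user before login.
    store.invalidate(presented_sid)
    # 3. Create a new session with a fresh ID.
    new_sid = store.create()
    # 4. Copy the user information to the new session.
    store.get(new_sid).update(user_info)
    return new_sid


def demo():
    store = SessionStore()
    pre_login_sid = store.create()  # session ID that existed before login
    # Constructed credential check, for the demo only.
    check = lambda u, p: (u, p) == ("alice", "correct horse")
    new_sid = login(store, pre_login_sid, "alice", "correct horse", check)
    return store, pre_login_sid, new_sid
```

In a real application the new ID must also be sent back to the browser in the session cookie, so that the pre-login ID is never associated with the authenticated user.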
