Question

Can someone explain to me how session fixation really works? On my localhost server I uploaded a file with this code:

<?php
 session_start();
 if (!isset($_SESSION['count'])) $_SESSION['count'] = 0;
 else ++$_SESSION['count'];
 echo $_SESSION['count'];
?>

I entered this address in my browser: http://localhost/sessiontest.php?PHPSESSID=1234. It begins with just 0 written; after pressing the refresh button a few times it goes to 1, 2, 3, 4, ... In a book and in internet topics I read before, it's written that if I use this address in a different browser or on a different PC, it will show the number my first browser ended with. However, when I typed this address on the second PC, it began from 0.

Is it somehow secured in higher versions of Apache and PHP, or did I totally misunderstand the topic? Thanks for help!


Solution

I think you may have misunderstood. PHP uses PHPSESSID to store the ID of a session. Normally this value is stored in a cookie, but it can also be stored in the URL if cookies are disabled.

If you read the value of the URL (or the cookie) on one browser, you can use that value in the URL in another browser to effectively take over that session. That is because PHP doesn't track any information, but just uses that session ID to identify a session.

I guess in your case, cookies are enabled as well, so PHP uses the stored cookie rather than the URL value. You can try to delete the cookie first, disable cookies altogether and use this URL, or you can change the value of the cookie.
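A hardened variant of the question's sessiontest.php, added here as an illustration and not part of the original question or answer: it shows the PHP session settings that stop a client-supplied ID such as `PHPSESSID=1234` from being adopted, plus ID regeneration on login. The `login` POST field and the `authenticated` session key are hypothetical stand-ins for a real authentication step.

```php
<?php
// Added example: hardened variant of the page's sessiontest.php.
// The 'login' POST field is a hypothetical stand-in for real authentication.

// Take the session ID from the cookie only; ?PHPSESSID=... in the URL is ignored.
// (session.use_only_cookies has defaulted to 1 since PHP 5.3.)
ini_set('session.use_only_cookies', '1');

// Never rewrite links or forms to carry the session ID.
ini_set('session.use_trans_sid', '0');

// Reject IDs that PHP did not issue itself: a client-supplied value that
// matches no stored session is replaced with a fresh random ID.
ini_set('session.use_strict_mode', '1');

// Array form (including 'samesite') requires PHP 7.3 or later.
session_set_cookie_params([
    'httponly' => true,   // cookie is not readable from JavaScript
    'samesite' => 'Lax',  // cookie is not sent on cross-site subrequests
    // 'secure' => true,  // enable when the site is served over HTTPS
]);

session_start();

// On a privilege change (login here), issue a new ID and delete the old
// session file, so an ID known before login is worthless afterwards.
if (isset($_POST['login']) && empty($_SESSION['authenticated'])) {
    session_regenerate_id(true);
    $_SESSION['authenticated'] = true;
}

// Same counter as the original script.
$_SESSION['count'] = isset($_SESSION['count']) ? $_SESSION['count'] + 1 : 0;

// Report whether the active session ID equals the value passed in the URL.
$urlId = $_GET['PHPSESSID'] ?? null;
$matchesUrl = ($urlId !== null && $urlId === session_id());

header('Content-Type: text/plain');
echo 'count: ', $_SESSION['count'], "\n";
echo 'session ID equals URL value: ', $matchesUrl ? 'yes' : 'no', "\n";
```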

Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow