Sans has published part 1 of an article discussing Session Fixation attacks against .NET applications.
"I’ve spent some time recently looking for updated information regarding
session attacks as they apply to ASP.NET and am still not completely
satisfied with how Microsoft has decided to implement session
management in ASP.NET 2.0+ (haven’t looked at 4.0 beta yet)."
Link: https://blogs.sans.org/appsecstreetfighter/2009/06/16/session-attacks-and-aspnet-part-1/
