"In Session Attacks and ASP.NET – Part 1,
I introduced one type of attack against the session called Session
Fixation as well as ASP.NET’s session architecture and authentication
architecture. In this post, I’ll delve into a couple specific attack
scenarios, cover risk reduction, and countermeasures."
Read: https://blogs.sans.org/appsecstreetfighter/2009/06/24/session-attacks-and-aspnet-part-2/
