{"id":"https://openalex.org/W2093077836","doi":"https://doi.org/10.1145/1982185.1982511","title":"Reliable protection against session fixation attacks","display_name":"Reliable protection against session fixation attacks","publication_year":2011,"publication_date":"2011-03-21","ids":{"openalex":"https://openalex.org/W2093077836","doi":"https://doi.org/10.1145/1982185.1982511","mag":"2093077836"},"language":"en","primary_location":{"id":"doi:10.1145/1982185.1982511","is_oa":false,"landing_page_url":"https://doi.org/10.1145/1982185.1982511","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 2011 ACM Symposium on Applied Computing","raw_type":"proceedings-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":false,"oa_status":"closed","oa_url":null,"any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5002067855","display_name":"Martin Johns","orcid":"https://orcid.org/0000-0003-2574-5060"},"institutions":[{"id":"https://openalex.org/I4210133614","display_name":"Systems, Applications & Products in Data Processing (United Kingdom)","ror":"https://ror.org/04k7gd586","country_code":"GB","type":"company","lineage":["https://openalex.org/I4210132444","https://openalex.org/I4210133614"]}],"countries":["GB"],"is_corresponding":true,"raw_author_name":"Martin Johns","raw_affiliation_strings":["SAP Research"],"affiliations":[{"raw_affiliation_string":"SAP Research","institution_ids":["https://openalex.org/I4210133614"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5035881662","display_name":"Bastian Braun","orcid":null},"institutions":[{"id":"https://openalex.org/I186354981","display_name":"University of Passau","ror":"https://ror.org/05ydjnb78","country_code":"DE","type":"education","lineage":["https://openalex.org/I186354981"]}],"countries":["DE"],"is_corresponding":false,"raw_author_name":"Bastian Braun","raw_affiliation_strings":["University of Passau","University Of Passau#TAB#"],"affiliations":[{"raw_affiliation_string":"University of Passau","institution_ids":["https://openalex.org/I186354981"]},{"raw_affiliation_string":"University Of Passau#TAB#","institution_ids":["https://openalex.org/I186354981"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5064900897","display_name":"Michael Schrank","orcid":null},"institutions":[{"id":"https://openalex.org/I186354981","display_name":"University of Passau","ror":"https://ror.org/05ydjnb78","country_code":"DE","type":"education","lineage":["https://openalex.org/I186354981"]}],"countries":["DE"],"is_corresponding":false,"raw_author_name":"Michael Schrank","raw_affiliation_strings":["University of Passau","University Of Passau#TAB#"],"affiliations":[{"raw_affiliation_string":"University of Passau","institution_ids":["https://openalex.org/I186354981"]},{"raw_affiliation_string":"University Of Passau#TAB#","institution_ids":["https://openalex.org/I186354981"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5088633946","display_name":"Joachim Posegga","orcid":"https://orcid.org/0000-0002-6468-809X"},"institutions":[{"id":"https://openalex.org/I186354981","display_name":"University of Passau","ror":"https://ror.org/05ydjnb78","country_code":"DE","type":"education","lineage":["https://openalex.org/I186354981"]}],"countries":["DE"],"is_corresponding":false,"raw_author_name":"Joachim Posegga","raw_affiliation_strings":["University of Passau","University Of Passau#TAB#"],"affiliations":[{"raw_affiliation_string":"University of Passau","institution_ids":["https://openalex.org/I186354981"]},{"raw_affiliation_string":"University Of Passau#TAB#","institution_ids":["https://openalex.org/I186354981"]}]}],"institutions":[],"countries_distinct_count":2,"institutions_distinct_count":4,"corresponding_author_ids":["https://openalex.org/A5002067855"],"corresponding_institution_ids":["https://openalex.org/I4210133614"],"apc_list":null,"apc_paid":null,"fwci":11.0841,"has_fulltext":false,"cited_by_count":42,"citation_normalized_percentile":{"value":0.98025474,"is_in_top_1_percent":false,"is_in_top_10_percent":true},"cited_by_percentile_year":{"min":89,"max":99},"biblio":{"volume":null,"issue":null,"first_page":"1531","last_page":"1537"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T12479","display_name":"Web Application Security Vulnerabilities","score":1.0,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T12479","display_name":"Web Application Security Vulnerabilities","score":1.0,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11424","display_name":"Security and Verification in Computing","score":0.9941999912261963,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10734","display_name":"Information and Cyber Security","score":0.9799000024795532,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.7793893814086914},{"id":"https://openalex.org/keywords/session","display_name":"Session (web analytics)","score":0.7652097940444946},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.7501609921455383},{"id":"https://openalex.org/keywords/vulnerability","display_name":"Vulnerability (computing)","score":0.5876935720443726},{"id":"https://openalex.org/keywords/adversary","display_name":"Adversary","score":0.5135488510131836},{"id":"https://openalex.org/keywords/authentication","display_name":"Authentication (law)","score":0.4859370291233063},{"id":"https://openalex.org/keywords/web-server","display_name":"Web server","score":0.4441301226615906},{"id":"https://openalex.org/keywords/identifier","display_name":"Identifier","score":0.43289950489997864},{"id":"https://openalex.org/keywords/task","display_name":"Task (project management)","score":0.41594868898391724},{"id":"https://openalex.org/keywords/the-internet","display_name":"The Internet","score":0.2861011028289795},{"id":"https://openalex.org/keywords/world-wide-web","display_name":"World Wide Web","score":0.26768890023231506},{"id":"https://openalex.org/keywords/computer-network","display_name":"Computer network","score":0.15595820546150208},{"id":"https://openalex.org/keywords/engineering","display_name":"Engineering","score":0.12064030766487122}],"concepts":[{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.7793893814086914},{"id":"https://openalex.org/C2779182362","wikidata":"https://www.wikidata.org/wiki/Q17126187","display_name":"Session (web analytics)","level":2,"score":0.7652097940444946},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.7501609921455383},{"id":"https://openalex.org/C95713431","wikidata":"https://www.wikidata.org/wiki/Q631425","display_name":"Vulnerability (computing)","level":2,"score":0.5876935720443726},{"id":"https://openalex.org/C41065033","wikidata":"https://www.wikidata.org/wiki/Q2825412","display_name":"Adversary","level":2,"score":0.5135488510131836},{"id":"https://openalex.org/C148417208","wikidata":"https://www.wikidata.org/wiki/Q4825882","display_name":"Authentication (law)","level":2,"score":0.4859370291233063},{"id":"https://openalex.org/C11392498","wikidata":"https://www.wikidata.org/wiki/Q11288","display_name":"Web server","level":3,"score":0.4441301226615906},{"id":"https://openalex.org/C154504017","wikidata":"https://www.wikidata.org/wiki/Q853614","display_name":"Identifier","level":2,"score":0.43289950489997864},{"id":"https://openalex.org/C2780451532","wikidata":"https://www.wikidata.org/wiki/Q759676","display_name":"Task (project management)","level":2,"score":0.41594868898391724},{"id":"https://openalex.org/C110875604","wikidata":"https://www.wikidata.org/wiki/Q75","display_name":"The Internet","level":2,"score":0.2861011028289795},{"id":"https://openalex.org/C136764020","wikidata":"https://www.wikidata.org/wiki/Q466","display_name":"World Wide Web","level":1,"score":0.26768890023231506},{"id":"https://openalex.org/C31258907","wikidata":"https://www.wikidata.org/wiki/Q1301371","display_name":"Computer network","level":1,"score":0.15595820546150208},{"id":"https://openalex.org/C127413603","wikidata":"https://www.wikidata.org/wiki/Q11023","display_name":"Engineering","level":0,"score":0.12064030766487122},{"id":"https://openalex.org/C201995342","wikidata":"https://www.wikidata.org/wiki/Q682496","display_name":"Systems engineering","level":1,"score":0.0}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.1145/1982185.1982511","is_oa":false,"landing_page_url":"https://doi.org/10.1145/1982185.1982511","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 2011 ACM Symposium on Applied Computing","raw_type":"proceedings-article"}],"best_oa_location":null,"sustainable_development_goals":[{"id":"https://metadata.un.org/sdg/16","score":0.550000011920929,"display_name":"Peace, Justice and strong institutions"},{"id":"https://metadata.un.org/sdg/10","score":0.4399999976158142,"display_name":"Reduced inequalities"}],"awards":[],"funders":[],"has_content":{"grobid_xml":false,"pdf":false},"content_urls":null,"referenced_works_count":10,"referenced_works":["https://openalex.org/W39495240","https://openalex.org/W149605627","https://openalex.org/W1588234377","https://openalex.org/W1779735989","https://openalex.org/W1863896037","https://openalex.org/W2119085032","https://openalex.org/W2126207747","https://openalex.org/W2162316255","https://openalex.org/W2182872149","https://openalex.org/W6906355099"],"related_works":["https://openalex.org/W4378651134","https://openalex.org/W4388150944","https://openalex.org/W4252684102","https://openalex.org/W2352307597","https://openalex.org/W1979633005","https://openalex.org/W2163724607","https://openalex.org/W3135403405","https://openalex.org/W2023227762","https://openalex.org/W2608983118","https://openalex.org/W1980092392"],"abstract_inverted_index":{"The":[0],"term":[1],"'Session":[2],"Fixation":[3,98],"vulnerability'":[4],"subsumes":[5],"issues":[6],"in":[7,56],"Web":[8,44,122],"applications":[9],"that":[10,112],"under":[11],"certain":[12],"circumstances":[13],"enable":[14],"the":[15,25,34,39,42,48,57,62,69,73,78,117],"adversary":[16],"to":[17,36,106],"perform":[18],"a":[19,108,120],"Session":[20,97],"Hijacking":[21],"attack":[22,32],"through":[23],"controlling":[24],"victim's":[26],"session":[27,81],"identifier":[28],"value.":[29],"A":[30],"successful":[31],"allows":[33],"attacker":[35],"fully":[37],"impersonate":[38],"victim":[40],"towards":[41],"vulnerable":[43,121],"application.":[45,123],"We":[46],"analyse":[47],"vulnerability":[49],"pattern":[50],"and":[51,72,89],"identify":[52],"its":[53],"root":[54],"cause":[55],"separation":[58],"of":[59,80,101,119],"concerns":[60],"between":[61],"application":[63],"logic,":[64],"which":[65,76],"is":[66,104],"responsible":[67],"for":[68,95],"authentication":[70],"processes,":[71],"framework":[74],"support,":[75],"handles":[77],"task":[79],"tracking.":[82],"Based":[83],"on":[84],"this":[85],"result,":[86],"we":[87],"present":[88],"discuss":[90],"three":[91],"distinct":[92],"server-side":[93],"measures":[94],"mitigating":[96],"vulnerabilities.":[99],"Each":[100],"our":[102],"countermeasures":[103],"tailored":[105],"suit":[107],"specific":[109],"real-life":[110],"scenario":[111],"might":[113],"be":[114],"encountered":[115],"by":[116],"operator":[118]},"counts_by_year":[{"year":2025,"cited_by_count":3},{"year":2024,"cited_by_count":1},{"year":2023,"cited_by_count":3},{"year":2022,"cited_by_count":1},{"year":2021,"cited_by_count":3},{"year":2020,"cited_by_count":2},{"year":2019,"cited_by_count":2},{"year":2018,"cited_by_count":1},{"year":2017,"cited_by_count":3},{"year":2016,"cited_by_count":2},{"year":2015,"cited_by_count":6},{"year":2014,"cited_by_count":6},{"year":2013,"cited_by_count":3},{"year":2012,"cited_by_count":5}],"updated_date":"2025-11-06T03:46:38.306776","created_date":"2025-10-10T00:00:00"}