Session Fixation Anti-Pattern

Severity: High

Summary

Attackers fix a user's session ID before login. The attacker obtains a valid session ID, tricks the victim into using it, and when authentication fails to regenerate the session ID, hijacks the victim's authenticated session.

The Anti-Pattern

The anti-pattern is reusing the same session ID before and after authentication.

BAD Code Example

# VULNERABLE: Session ID not regenerated after login.
from flask import Flask, session, redirect, url_for, request

app = Flask(__name__)
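
The anti-pattern and its fix, side by side, as an added example that is not part of the original skill file. It is framework-independent and uses only the standard library. `SessionStore`, `login_vulnerable`, `login_hardened` and `fixed_id_is_authenticated` are hypothetical names chosen for illustration, and the in-memory store stands in for whatever server-side session backend an application uses.

```python
import secrets


class SessionStore:
    """In-memory server-side session store (constructed for this example)."""

    def __init__(self):
        self._data = {}

    def create(self):
        # Issue an unauthenticated session with an unpredictable ID.
        sid = secrets.token_urlsafe(32)
        self._data[sid] = {}
        return sid

    def user_for(self, sid):
        # Return the authenticated user bound to this ID, or None.
        return self._data.get(sid, {}).get("user")

    def login_vulnerable(self, sid, user):
        # Anti-pattern: the pre-login ID is kept and becomes authenticated.
        self._data[sid]["user"] = user
        return sid

    def login_hardened(self, sid, user):
        # Invalidate the pre-login ID, then bind the user to a fresh one.
        self._data.pop(sid, None)
        new_sid = secrets.token_urlsafe(32)
        self._data[new_sid] = {"user": user}
        return new_sid


def fixed_id_is_authenticated(login_name):
    """Return True if an ID known before login is authenticated after login."""
    store = SessionStore()
    known_sid = store.create()              # ID issued before authentication
    login = getattr(store, login_name)
    victim_sid = login(known_sid, "alice")  # constructed user name
    assert store.user_for(victim_sid) == "alice"
    return store.user_for(known_sid) == "alice"


if __name__ == "__main__":
    print("vulnerable:", fixed_id_is_authenticated("login_vulnerable"))
    print("hardened:  ", fixed_id_is_authenticated("login_hardened"))
```

The same check works as a regression test: after a login request, the session ID presented before authentication must no longer resolve to a user.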
First Seen
Jan 20, 2026