Impact. When a session fixation attack is successful, the attacker has access to the victim's account. This could imply higher-level privileges or the capacity to examine sensitive information.
Session Fixation is a type of attack that allows an attacker to take control of a legitimate user session. The attack focuses on a flaw in the way a web application, specifically the susceptible web application, manages the session ID.
Session hijacking (also known as cookie hijacking or cookie side-jacking) is a type of cyber-attack in which attackers take control of a legitimate user's computer session in order to get their session ID and then use that ID to access a variety of network services.
The attacker tries to take the ID of a victim's session once the user logs in in a session hijacking attack. In a session fixation attack, the attacker has already gained access to a genuine session and attempts to persuade the victim to use it for his or her own objectives.
Cyber Forensics Masterclass with Hands on learning