{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,11,27]],"date-time":"2025-11-27T10:07:51Z","timestamp":1764238071126,"version":"3.41.0"},"publisher-location":"New York, NY, USA","reference-count":23,"publisher":"ACM","license":[{"start":{"date-parts":[[2011,3,21]],"date-time":"2011-03-21T00:00:00Z","timestamp":1300665600000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.acm.org\/publications\/policies\/copyright_policy#Background"}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":[],"published-print":{"date-parts":[[2011,3,21]]},"DOI":"10.1145\/1982185.1982511","type":"proceedings-article","created":{"date-parts":[[2011,5,17]],"date-time":"2011-05-17T12:59:14Z","timestamp":1305637154000},"page":"1531-1537","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":30,"title":["Reliable protection against session fixation attacks"],"prefix":"10.1145","author":[{"given":"Martin","family":"Johns","sequence":"first","affiliation":[{"name":"SAP Research"}]},{"given":"Bastian","family":"Braun","sequence":"additional","affiliation":[{"name":"University of Passau"}]},{"given":"Michael","family":"Schrank","sequence":"additional","affiliation":[{"name":"University of Passau"}]},{"given":"Joachim","family":"Posegga","sequence":"additional","affiliation":[{"name":"University of Passau"}]}],"member":"320","published-online":{"date-parts":[[2011,3,21]]},"reference":[{"key":"e_1_3_2_1_1_1","unstructured":"JAMWiki. {software} http:\/\/jamwiki.org\/ Version 0.8.0 December 2009.  JAMWiki. {software} http:\/\/jamwiki.org\/ Version 0.8.0 December 2009."},{"key":"e_1_3_2_1_2_1","unstructured":"CherryPy - Lightweight pythonic web framework. {software} http:\/\/www.cherrypy.org\/ April 2010.  CherryPy - Lightweight pythonic web framework. {software} http:\/\/www.cherrypy.org\/ April 2010."},{"key":"e_1_3_2_1_3_1","unstructured":"URLlib2 - Python HTTP URL opener library. {software} http:\/\/docs.python.org\/library\/urllib2.html April 2010.  URLlib2 - Python HTTP URL opener library. {software} http:\/\/docs.python.org\/library\/urllib2.html April 2010."},{"key":"e_1_3_2_1_4_1","unstructured":"W. Alcorn. Inter-Protocol Exploitation. Whitepaper NGSSoftware Insight Security Research (NISR) http:\/\/www.ngssoftware.com\/research\/papers\/InterProtocolExploitation.pdf March 2007.  W. Alcorn. Inter-Protocol Exploitation. Whitepaper NGSSoftware Insight Security Research (NISR) http:\/\/www.ngssoftware.com\/research\/papers\/InterProtocolExploitation.pdf March 2007."},{"key":"e_1_3_2_1_5_1","unstructured":"D. Endler. The Evolution of Cross-Site Scripting Attacks. Whitepaper iDefense Inc. http:\/\/www.cgisecurity.com\/lib\/XSS.pdf May 2002.  D. Endler. The Evolution of Cross-Site Scripting Attacks. Whitepaper iDefense Inc. http:\/\/www.cgisecurity.com\/lib\/XSS.pdf May 2002."},{"key":"e_1_3_2_1_6_1","doi-asserted-by":"crossref","unstructured":"R. Fielding J. Gettys J. Mogul H. Frystyk L. Masinter P. Leach and T. Berners-Lee. Hypertext transfer protocol -- http\/1.1. RFC 2616 http:\/\/www.w3.org\/Protocols\/rfc2616\/rfc2616.html June 1999.   R. Fielding J. Gettys J. Mogul H. Frystyk L. Masinter P. Leach and T. Berners-Lee. Hypertext transfer protocol -- http\/1.1. RFC 2616 http:\/\/www.w3.org\/Protocols\/rfc2616\/rfc2616.html June 1999.","DOI":"10.17487\/rfc2616"},{"key":"e_1_3_2_1_7_1","doi-asserted-by":"publisher","DOI":"10.1007\/11863908_27"},{"volume-title":"OWASP Europe 2006","year":"2006","author":"Johns M.","key":"e_1_3_2_1_8_1"},{"key":"e_1_3_2_1_9_1","doi-asserted-by":"publisher","DOI":"10.1109\/SECCOMW.2006.359531"},{"key":"e_1_3_2_1_10_1","doi-asserted-by":"publisher","DOI":"10.1145\/1141277.1141357"},{"key":"e_1_3_2_1_11_1","unstructured":"A. Klein. \"Divide and Conquer\" - HTTP Response Splitting Web Cache Poisoning Attacks and Related Topics. Whitepaper Sanctum Inc. http:\/\/packetstormsecurity.org\/papers\/general\/whitepaper_httpresponse.pdf March 2004.  A. Klein. \"Divide and Conquer\" - HTTP Response Splitting Web Cache Poisoning Attacks and Related Topics. Whitepaper Sanctum Inc. http:\/\/packetstormsecurity.org\/papers\/general\/whitepaper_httpresponse.pdf March 2004."},{"key":"e_1_3_2_1_12_1","unstructured":"M. Kolsek. Session Fixation Vulnerability in Web-based Applications. Whitepaper Acros Security http:\/\/www.acrossecurity.com\/papers\/session_fixation.pdf December 2002.  M. Kolsek. Session Fixation Vulnerability in Web-based Applications. Whitepaper Acros Security http:\/\/www.acrossecurity.com\/papers\/session_fixation.pdf December 2002."},{"key":"e_1_3_2_1_13_1","doi-asserted-by":"crossref","unstructured":"D. Kristol and L. Montulli. HTTP State Management Mechanism. RFC 2965 http:\/\/www.ietf.org\/rfc\/rfc2965.txt October 2000.   D. Kristol and L. Montulli. HTTP State Management Mechanism. RFC 2965 http:\/\/www.ietf.org\/rfc\/rfc2965.txt October 2000.","DOI":"10.17487\/rfc2965"},{"key":"e_1_3_2_1_14_1","doi-asserted-by":"publisher","DOI":"10.5555\/1884848.1884865"},{"key":"e_1_3_2_1_15_1","unstructured":"OWASP German Chapter. OWASP Best Practices: Use of Web Application Firewalls. {whitepaper} http:\/\/www.owasp.org\/index.php\/Category:OWASP_Best_Practices:_Use_of_Web_Application_Firewalls July 2008.  OWASP German Chapter. OWASP Best Practices: Use of Web Application Firewalls. {whitepaper} http:\/\/www.owasp.org\/index.php\/Category:OWASP_Best_Practices:_Use_of_Web_Application_Firewalls July 2008."},{"key":"e_1_3_2_1_16_1","unstructured":"PHP Group. session regenerate_id(). PHP documentation {online} http:\/\/www.php.net\/manual\/de\/function.session-regenerate-id.php (4\/4\/10) June 2010.  PHP Group. session regenerate_id(). PHP documentation {online} http:\/\/www.php.net\/manual\/de\/function.session-regenerate-id.php (4\/4\/10) June 2010."},{"key":"e_1_3_2_1_17_1","unstructured":"J. Ruderman. The Same Origin Policy. {online} http:\/\/www.mozilla.org\/projects\/security\/components\/same-origin.html (01\/10\/06) August 2001.  J. Ruderman. The Same Origin Policy. {online} http:\/\/www.mozilla.org\/projects\/security\/components\/same-origin.html (01\/10\/06) August 2001."},{"key":"e_1_3_2_1_18_1","unstructured":"M.\n       \n      Schrank B.\n       \n      Braun M.\n       \n      Johns and \n      \n      \n      J.\n       \n      Posegga\n      \n  \n  . \n  Session Fixation - the Forgotten Vulnerability? In Proceedings of GI Sicherheit\n   \n  2010 Lecture Notes in Informatics\n   (\n  LNI) 2010.  M. Schrank B. Braun M. Johns and J. Posegga. Session Fixation - the Forgotten Vulnerability? In Proceedings of GI Sicherheit 2010 Lecture Notes in Informatics (LNI) 2010."},{"key":"e_1_3_2_1_19_1","unstructured":"Sun Microsystems Inc. J2EE - Java Platform Enterprise Edition 5. {online} http:\/\/java.sun.com\/javaee\/technologies\/javaee5.jsp (05\/05\/07) 2007.  Sun Microsystems Inc. J2EE - Java Platform Enterprise Edition 5. {online} http:\/\/java.sun.com\/javaee\/technologies\/javaee5.jsp (05\/05\/07) 2007."},{"key":"e_1_3_2_1_20_1","unstructured":"The Open Web Application Security Project (OWASP). Session Fixation. {online} http:\/\/www.owasp.org\/index.php\/Session_Fixation February 2009.  The Open Web Application Security Project (OWASP). Session Fixation. {online} http:\/\/www.owasp.org\/index.php\/Session_Fixation February 2009."},{"key":"e_1_3_2_1_21_1","unstructured":"The Web Application Security Consortium (WASC). Session Fixation. {online} http:\/\/projects.webappsec.org\/Session-Fixation January 2010.  The Web Application Security Consortium (WASC). Session Fixation. {online} http:\/\/projects.webappsec.org\/Session-Fixation January 2010."},{"key":"e_1_3_2_1_22_1","unstructured":"J. Topf. The html form protocol attack. TechNote http:\/\/www.remote.org\/jochen\/sec\/hfpa\/hfpa.pdf August 2001.  J. Topf. The html form protocol attack. TechNote http:\/\/www.remote.org\/jochen\/sec\/hfpa\/hfpa.pdf August 2001."},{"key":"e_1_3_2_1_23_1","unstructured":"M. Zalewski. Cross Site Cooking. Whitepaper http:\/\/www.securiteam.com\/securityreviews\/5EP0L2KHFG.html January 2006.  M. Zalewski. Cross Site Cooking. Whitepaper http:\/\/www.securiteam.com\/securityreviews\/5EP0L2KHFG.html January 2006."}],"event":{"name":"SAC'11: The 2011 ACM Symposium on Applied Computing","sponsor":["SIGAPP ACM Special Interest Group on Applied Computing"],"location":"TaiChung Taiwan","acronym":"SAC'11"},"container-title":["Proceedings of the 2011 ACM Symposium on Applied Computing"],"original-title":[],"link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/1982185.1982511","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/1982185.1982511","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,6,18]],"date-time":"2025-06-18T10:52:56Z","timestamp":1750243976000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/1982185.1982511"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2011,3,21]]},"references-count":23,"alternative-id":["10.1145\/1982185.1982511","10.1145\/1982185"],"URL":"https:\/\/doi.org\/10.1145\/1982185.1982511","relation":{},"subject":[],"published":{"date-parts":[[2011,3,21]]},"assertion":[{"value":"2011-03-21","order":2,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}