# Session fixation

<AccordionGroup>
  <Accordion title="session-fixation">
    Detected a `$REQ` argument that flows into `$RES.$HEADER`. If an attacker can control the cookie value, this can lead to session fixation. Session fixation can result in unauthorized access to accounts and, in some esoteric cases, Cross-Site Scripting (XSS). Users should not be able to influence cookies directly; session cookies should be generated securely by an approved session management library. If a cookie does need to be set from user input, consider an allow-list based approach that restricts which cookies, and which values, can be set.<br />**Likelihood**: HIGH<br />**Confidence**: MEDIUM<br />**CWE**: <br />- CWE-384: Session Fixation
    <br />**OWASP**: <br />- A02:2017 - Broken Authentication
    <br />- A07:2021 - Identification and Authentication Failures
  </Accordion>
</AccordionGroup>
