Session Hijacking(Intended Behavior) - Please read the steps once. It looks different issue "Session not expired after logout"

Question

Session Hijacking(Intended Behavior) - Please read the steps once. It looks different issue "Session not expired after logout"

infosecsanyam261 opened this issue 3 years ago · 1 comments

In this book, here is the one topic which is related to Session Hijacking. As I observed this is another issue Session not expired after logout not a session hijacking

"Session Hijacking(Intended Behavior)
Steps:
1.Create your account
2.Login your account
3.Use cookie editor extension in browser
4.Copy all the target cookies
5.Logout your account
6.Paste that cookies in cookie editor extension
7.Refresh page if you are logged in than this is a session hijacking"

URl - https://github.com/KathanP19/HowToHunt/blob/master/Broken_Auth_And_Session_Management/Session_based_bugs.md

Please fix this in the book. Thanks

Answer 1 · 2021-04-23T10:56:06.000Z

Yes you are right both are similar issue, but with two different testing method.
You can check the reset password method first if not work then try with cookie copy pasting scene

There is no lose to try both of those issues as they are around p4-p5 as mentioned depends on the program and platform

Thanks for reaching us, we are interested to know if you have more concern to share
Have a sweet day