Exploitation is harder using cookies, see http://en.wikipedia.org/wiki/Cross-site_cooking
Someone can argue that the bug is in the browser of course, but nevertheless creating a new session cookie after login seems to be missing. Not sure if it is Django's responsibility or if it is designed to be done by the dashboard.
Another attack vector can be an XSS attack, see https://www.owasp.org/index.php/Session_fixation
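An added illustration of the missing step discussed above, not code from Django or the dashboard: a small in-memory session store, constructed for this example, whose login either keeps the pre-login session ID or issues a new one, plus a regression check that a session ID known before login is not authenticated afterwards. The class, function and user names are hypothetical.

```python
import secrets


class SessionStore:
    """Constructed in-memory session store; not Django's or the dashboard's API."""

    def __init__(self, rotate_on_login):
        self.rotate_on_login = rotate_on_login
        self.sessions = {}  # session id -> session data

    def new_session(self):
        sid = secrets.token_urlsafe(32)
        self.sessions[sid] = {"user": None}
        return sid

    def login(self, sid, user):
        """Authenticate the session and return the ID for the response cookie."""
        data = self.sessions.get(sid)
        if data is None:
            # Unknown ID presented by the client: never adopt it, start fresh.
            sid = self.new_session()
            data = self.sessions[sid]
        if self.rotate_on_login:
            # Issue a fresh ID and invalidate the pre-login one.
            del self.sessions[sid]
            sid = secrets.token_urlsafe(32)
            self.sessions[sid] = data
        data["user"] = user
        return sid

    def user_for(self, sid):
        return self.sessions.get(sid, {}).get("user")


def prelogin_id_stays_valid(store):
    """Regression check: True means an ID known before login is authenticated after it."""
    pre = store.new_session()          # ID that existed before authentication
    post = store.login(pre, "alice")   # ID returned to the browser after login
    return store.user_for(pre) is not None or pre == post


if __name__ == "__main__":
    print("no rotation:", prelogin_id_stays_valid(SessionStore(rotate_on_login=False)))
    print("rotation:   ", prelogin_id_stays_valid(SessionStore(rotate_on_login=True)))
```

The same assertion can be made against a real login endpoint by comparing the session cookie value before and after authentication.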