Cookie attacks, XSS, CSRF and Session fixation attacks
Cross-site scripting (XSS)
Cross-site scripting attacks intend to steal your cookies. The attack is carried out by a malicious script inserted into the page. The attacker is a user of the website who submits the malicious script through a vulnerable form of the website in order to steal another user's cookie. You normally see this attack in forums or on pages where one user can post a comment that other users see. If the website does not validate the comment input, the comment can contain malicious JavaScript that steals the session ID cookie.
Cross-site request forgery (CSRF)
The cross-site request forgery (CSRF) attack is actually the successor of XSS attacks. After many browsers added functionality to defend against XSS attacks, attackers started to look at the issue from a different angle. An attacker steals the session ID cookie in order to perform an action on behalf of the user, so instead of stealing the cookie they perform the action on the client's system. This way the defenses that protect the cookies no longer work, because the attacker does not steal the cookie but uses it instead.
Session fixation attack
Session Fixation is my favorite! In a session fixation attack, instead of stealing or using the cookie, the attacker forces the victim to use a session ID cookie. The attacker then tricks the victim into authenticating with that session ID, and after a successful authentication the attacker uses the fixed session cookie to perform his malicious tasks. This attack is possible because, for example, in PHP you can send the session ID back to the server in a query string or a POST variable. The variable name must be the same as the cookie name for the session ID, and the server must not have set the session ID cookie before the attack. If these preconditions are met, the server uses the received value as the session ID cookie. Session fixation can play a very important part in a phishing attack scenario.
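The preconditions above, and the two server-side checks that break them, as an added example that is not part of the original post. It is a constructed Python model of a session store, not PHP's implementation; the class, function and parameter names are assumptions, and the PHP settings named in the comments are the real-world counterparts.

```python
import secrets


class SessionStore:
    """Toy server-side session store (constructed model, not PHP's own code)."""

    def __init__(self, strict=False, regenerate_on_login=False):
        # strict: take IDs only from the cookie, and only IDs this server issued
        # (PHP counterparts: session.use_only_cookies, session.use_strict_mode)
        self.strict = strict
        # regenerate_on_login: PHP counterpart is session_regenerate_id(true)
        self.regenerate_on_login = regenerate_on_login
        self.sessions = {}  # session ID -> session data

    def open(self, cookie_sid=None, param_sid=None):
        """Return the session ID the server will use for this request."""
        sid = cookie_sid
        if sid is None and not self.strict:
            sid = param_sid  # the precondition from the text: ID from a request variable
        if sid is None or (self.strict and sid not in self.sessions):
            sid = secrets.token_hex(16)  # server-generated ID
        self.sessions.setdefault(sid, {"user": None})
        return sid

    def login(self, sid, user):
        """Authenticate the session, moving it to a fresh ID if configured."""
        if self.regenerate_on_login:
            self.sessions.pop(sid, None)  # the pre-login ID stops being valid
            sid = secrets.token_hex(16)
        self.sessions[sid] = {"user": user}
        return sid

    def user_for(self, sid):
        """User bound to a session ID, or None if the ID is unknown or anonymous."""
        return self.sessions.get(sid, {}).get("user")


def fixation_outcome(store, fixed_sid="constructed-fixed-id"):
    """The victim's request carries fixed_sid as a variable, then the victim logs in.
    Returns the user the server associates with fixed_sid afterwards."""
    victim_sid = store.open(cookie_sid=None, param_sid=fixed_sid)
    store.login(victim_sid, "alice")
    return store.user_for(fixed_sid)


if __name__ == "__main__":
    print("permissive:", fixation_outcome(SessionStore()))
    print("regenerate on login:", fixation_outcome(SessionStore(regenerate_on_login=True)))
    print("strict IDs:", fixation_outcome(SessionStore(strict=True)))
```

Regenerating the ID at login also covers the case where the fixed ID is one the server itself issued, which strict ID checking alone does not.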