Session fixation is one of those bugs where I have to wonder what framework authors were thinking. It’s more work to have the bug than to not have the bug.
Man! People are scum.
Because they found security vulnerabilities?
People aren’t scum if they break a barrier. They are curious and mistakenly devious.