The above web applications fail to assign new session identities, which allows for a session fixation attack in which the accounts can be hijacked

via Twitter, Microsoft, LinkedIn, Yahoo open to hijacking – Applications – SC Magazine Australia – Secure Business Intelligence.