April 23, 2009
Explaining the OAuth Session Fixation Attack