Header injection in HTTP responses can allow for HTTP response splitting (also known as CRLF injection, for Carriage Return Line Feed), session fixation via the Set-Cookie header, cross-site scripting (XSS), and malicious redirect attacks via the Location header.
Note that the following code performs no cross-site request forgery (CSRF) checks, potentially allowing an attacker to force users to log out of the web application.