Found an good white paper to day on Session Fixation, this a new form of attack on web apps. The paper can be found here

http://www.acros.si/papers/session_fixation.pdf

Well worth having a read

SittingDuck