Hueniverse: Explaining the OAuth Session Fixation Attack http://www.hueniverse.com/hueniverse/2009/04/explaining-the-oauth-session-fixation-attack.html