"Authenticating a user, or otherwise establishing a new user session, without invalidating any existing session identifier gives an attacker the opportunity to steal authenticated sessions." - Entry from the Common Weakness Enumeration
For more info visit <a href="https://cwe.mitre.org/data/definitions/384.html" target="_blank" rel="noopener noreferrer">CWE-384</a>
The Vulnerability History Project