"Authenticating a user, or otherwise establishing a new user session, without invalidating any existing session identifier gives an attacker the opportunity to steal authenticated sessions." - Entry from the Common Weakness Enumeration
For more info visit CWE-384
The Vulnerability History Project