This solution stores user information in a server-side session rather than in a cookie. Additionally, the current session is invalidated and a new session is created at login, so that an attacker who planted a session identifier in the victim's browser before authentication cannot reuse it afterwards; this is the session fixation attack described by The Open Web Application Security Project [SD:OWASP 2009]. The session's inactivity timeout has also been set to one hour to minimize the window an attacker has to carry out a session hijacking attack against an abandoned session.
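The following servlet illustrates the two steps above: it discards the session the client arrived with, and only then issues a fresh session with a one-hour inactivity timeout that carries the authenticated user. This is an added example, not code from the original page; the `LoginServlet` class, the `authenticate` method, the `cart` attribute and the parameter names are assumptions chosen for illustration. It uses only the `javax.servlet.http` package API [SD:Oracle 2010].

```java
import java.io.IOException;

import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;

/** Hypothetical login handler demonstrating session renewal after authentication. */
public class LoginServlet extends HttpServlet {

    /** One hour of inactivity before the container discards the session. */
    private static final int SESSION_TIMEOUT_SECONDS = 60 * 60;

    /** Pre-login attributes that are safe to carry across the session boundary. */
    private static final String[] CARRIED_ATTRIBUTES = { "cart" };

    @Override
    protected void doPost(HttpServletRequest request, HttpServletResponse response)
            throws ServletException, IOException {
        String username = request.getParameter("username");
        String password = request.getParameter("password");

        // Hypothetical credential check; a real deployment consults a password store.
        if (!authenticate(username, password)) {
            response.sendError(HttpServletResponse.SC_UNAUTHORIZED);
            return;
        }

        // Step 1: drop the session the browser presented. If an attacker fixed that
        // identifier before the victim logged in, the container now forgets it, so the
        // attacker's copy of the id no longer maps to any session.
        HttpSession oldSession = request.getSession(false);
        Object[] carried = new Object[CARRIED_ATTRIBUTES.length];
        if (oldSession != null) {
            // Copy only an explicit whitelist of pre-login state (e.g. a shopping cart).
            // Never bulk-copy attributes: anything the pre-login session held could have
            // been influenced by the attacker who planted the id.
            for (int i = 0; i < CARRIED_ATTRIBUTES.length; i++) {
                carried[i] = oldSession.getAttribute(CARRIED_ATTRIBUTES[i]);
            }
            oldSession.invalidate();
        }

        // Step 2: create a brand-new session (new id) only after authentication succeeded.
        HttpSession session = request.getSession(true);
        session.setMaxInactiveInterval(SESSION_TIMEOUT_SECONDS);
        for (int i = 0; i < CARRIED_ATTRIBUTES.length; i++) {
            if (carried[i] != null) {
                session.setAttribute(CARRIED_ATTRIBUTES[i], carried[i]);
            }
        }
        // User identity lives on the server side, keyed by the new session id; the
        // browser only ever receives the opaque id, never the user information itself.
        session.setAttribute("user", username);

        response.sendRedirect(request.getContextPath() + "/home");
    }

    /**
     * Helper for protected resources: returns the authenticated user, or null if the
     * request carries no live session or the session predates login.
     */
    static String currentUser(HttpServletRequest request) {
        HttpSession session = request.getSession(false); // never create one here
        if (session == null) {
            return null;
        }
        Object user = session.getAttribute("user");
        return user instanceof String ? (String) user : null;
    }

    /** Placeholder credential check; assumed for the example only. */
    private boolean authenticate(String username, String password) {
        return username != null && password != null && !username.isEmpty()
                && !password.isEmpty();
    }
}
```

Two points to check in a real deployment: protected resources must call `getSession(false)`, as `currentUser` does, so that an unauthenticated request never silently creates a session that later code might trust; and on containers implementing Servlet 3.1 or later, `HttpServletRequest.changeSessionId()` renews the identifier in place, which avoids the copy-and-invalidate dance shown here when no pre-login state needs to be discarded.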

Bibliography

[SD:OWASP 2009] [Session Fixation in Java|http://www.owasp.org/index.php/Session_Fixation_in_Java]
[SD:OWASP 2010] [Cross-site Scripting|http://www.owasp.org/index.php/Cross-site_Scripting_%28XSS%29]
[SD:Oracle 2010] [javax.servlet.http Package API|http://download.oracle.com/javaee/6/api/javax/servlet/http/package-summary.html]
[The World Wide Web Security FAQ|http://www.w3.org/Security/Faq/wwwsf2.html]