...
This solution also invalidates the current session and creates a new one, which defeats session fixation attacks; see [OWASP 2009]. It further narrows the window in which a hijacked session ID remains usable by setting the session's maximum inactive interval to one minute.
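The session handling described above, written out as an added servlet example (this is not the rule's own compliant solution): the non-compliant helper pushes the value to the browser in a persistent cookie, while the compliant `doPost` invalidates whatever session the client arrived with, obtains a fresh one, caps its inactivity timeout at one minute, and keeps the value server-side. The `javax.servlet` API, the servlet class name and the form parameter name `sensitive` are assumptions made for the example.

```java
import java.io.IOException;
import javax.servlet.ServletException;
import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;

// Example servlet (assumed name); not part of the CERT rule's own code.
public class SensitiveDataServlet extends HttpServlet {

    // Idle time, in seconds, after which the container discards the session.
    // One minute bounds how long a stolen session ID can be replayed.
    private static final int SESSION_TIMEOUT_SECONDS = 60;

    /* Non-compliant: the value travels to the browser in a cookie, where it can be
     * read off an unencrypted connection or by script injected through XSS, and a
     * positive max-age additionally writes it to the client's disk (CWE-539). */
    protected void storeInCookieNoncompliant(HttpServletRequest request,
                                             HttpServletResponse response) {
        String sensitive = request.getParameter("sensitive");   // assumed parameter name
        Cookie cookie = new Cookie("sensitive", sensitive);
        cookie.setMaxAge(7 * 24 * 60 * 60);  // persists for a week
        response.addCookie(cookie);
    }

    /* Compliant: the value stays in the server-side HttpSession; the browser
     * only ever holds the session ID. */
    @Override
    protected void doPost(HttpServletRequest request, HttpServletResponse response)
            throws ServletException, IOException {
        String sensitive = request.getParameter("sensitive");   // assumed parameter name
        if (sensitive == null) {
            response.sendError(HttpServletResponse.SC_BAD_REQUEST);
            return;
        }

        // Drop any session the client presented. If an attacker planted a known
        // session ID (session fixation), it is now dead rather than authenticated.
        HttpSession old = request.getSession(false);
        if (old != null) {
            old.invalidate();
        }
        HttpSession session = request.getSession(true);  // fresh ID, empty state

        // Shorten the window in which a hijacked session ID remains valid.
        session.setMaxInactiveInterval(SESSION_TIMEOUT_SECONDS);

        // Sensitive data lives only on the server.
        session.setAttribute("sensitive", sensitive);

        response.setContentType("text/plain");
        response.getWriter().println("stored");
    }
}
```

The session ID cookie the container issues is itself worth protecting against the same two attack classes: configure the container to mark it `Secure` (sent only over TLS) and `HttpOnly` (not readable by page script), otherwise the ID can be sniffed or exfiltrated through XSS just as the raw value would have been.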
...
Applicability
Violating this rule places sensitive information in cookies, where it can be read by an attacker sniffing unencrypted traffic or by script injected through a cross-site scripting attack; a persistent cookie additionally leaves the value on the client's disk.
...
Guideline | Severity | Likelihood | Remediation Cost | Priority | Level
FIO50-JG | medium | probable | ... | P8 | L2
Related Guidelines
CWE-539, "Information Exposure through Persistent Cookies"
...
...