Category:WASS Authentication Identifer

From OWASP

Establish a new session identifier upon user authentication

A session identifier is a way to keep track of an authenticated session. Reusing a session identifier that was available before authentication could provide a user a means of discoving a users authenticated session identifier value.

1. A new session identifier should be created when a user is authenticated and when their role/privilage changes in the application

This category currently contains no articles or media.

Retrieved from "http://www.owasp.org/index.php/Category:WASS_Authentication_Identifer"

Views

Category
Discussion
View source
History

Personal tools

Reference

How To...
Principles
Threat Agents
Attacks
Vulnerabilities
Countermeasures
Activities
Technologies
Glossary
Code Snippets
.NET Project
Java Project

search

Toolbox

What links here
Related changes
Upload file
Special pages
Printable version
Permanent link