Testing for Session Management

Session Management Testing
Intro here.

4.5.1 Cookie and Session Token Manipulation 4.5.2 Weak Session Tokens 4.5.3 Session Riding 4.5.4 Exposed Session Variables 4.5.5 HTTP Exploit

Session token transport security and reuse of session tokens from HTTP to HTTPS [][Completed]Javier Fernandez-Sanguino

OWASP Testing Guide v2 Table of Contents