Cornucopia - Ecommerce Website - SM Q

Suit: Session management

Card/Value: Q

Description:
Salim can bypass session management because it is not applied comprehensively and consistently across the application.

Technical Note:
Every part of the application and every type of request should verify that the user has a valid current session (if required), and thus their privileges, before undertaking any other data validation and processing.

NB: This relates to application-wide session management control. See SM K for what session management routines to use.
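
Added example (not part of the Cornucopia card or any OWASP code): one way to apply the session check application-wide is a single dispatcher that rejects any request without a live session before handler code runs, with session-free routes listed explicitly. The names PUBLIC_PATHS, SESSIONS, dispatch and the sample routes are hypothetical, and the in-memory session store is an assumption made for illustration.

```python
import secrets
import time

# Assumption: routes that need no session are listed explicitly; every
# other path is protected by default, including routes added later.
PUBLIC_PATHS = {"/login", "/products"}

SESSIONS = {}  # session id -> {"user": ..., "expires": epoch seconds}


def create_session(user, ttl=900):
    sid = secrets.token_urlsafe(32)
    SESSIONS[sid] = {"user": user, "expires": time.time() + ttl}
    return sid


def current_session(sid):
    """Return the live session for sid, or None if missing or expired."""
    session = SESSIONS.get(sid or "")
    if session is None or session["expires"] <= time.time():
        SESSIONS.pop(sid, None)  # drop expired entries
        return None
    return session


def dispatch(routes, method, path, sid=None, body=None):
    """Single entry point: the session check runs before any handler code,
    for every HTTP method and every path that is not explicitly public."""
    session = current_session(sid)
    if path not in PUBLIC_PATHS and session is None:
        return 401, "session required"  # rejected before body is touched
    handler = routes.get(path)
    if handler is None:
        return 404, "not found"
    return handler(method, session, body)


# Constructed sample handlers for a shop application.
def list_products(method, session, body):
    return 200, "catalogue"


def export_orders(method, session, body):
    # No per-handler check needed: the dispatcher already enforced it.
    return 200, "orders for " + session["user"]


ROUTES = {"/products": list_products, "/orders/export": export_orders}
```

Because the check sits in front of routing, a handler that is added without thinking about sessions is still protected, and unknown paths give the same 401 to unauthenticated callers as protected ones.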
