Category:WASS Authentication Identifer

De OWASP
Saltar a: navegación, buscar

Establish a new session identifier upon user authentication

A session identifier is a way to keep track of an authenticated session. Reusing a session identifier that was available before authentication could provide a user a means of discoving a users authenticated session identifier value.

1. A new session identifier should be created when a user is authenticated and when their role/privilage changes in the application

La categoría no contiene ninguna página o archivo.