Difference between revisions of "ESAPI Session Management"

From OWASP
Jump to: navigation, search
Line 8: Line 8:
  
 
* Separate session management API and CSRF from the Authentication and HTTP utilities
 
* Separate session management API and CSRF from the Authentication and HTTP utilities
 +
 +
* Add a flag to the changeSessionIdentifier method to not copy session content
 +
 +
*

Revision as of 09:37, 11 December 2008

Feature Overview

TODO

Possible Enhancements

  • Add a secure form tag that does CSRF as well as other form protections like autocomplete
  • Separate session management API and CSRF from the Authentication and HTTP utilities
  • Add a flag to the changeSessionIdentifier method to not copy session content