Talk:Session Management

From OWASP
Revision as of 11:24, 18 June 2009 by Javifs (Talk | contribs)

(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to: navigation, search

This chapter needs to be broken into:

Session fundamentals - crypto - idle - etc

Session storage - client side storage - server side storage

Per-platform - simplify each section - add a J2EE and .NET section


Q: (Javier Fernandez-Sanguino) Should this chapter add a reference (in the "Protecting identifier section") to http://www.owasp.org/index.php/HTTPOnly ? Although not (yet) standard this is supported by all major browsers.