
Renew Session After Privilege Change

Backend
New

The Users module should have the ability to automatically renew the session ID at log-in, log-out, and after password change to prevent session fixation attacks.

See https://www.owasp.org/index.php/Session_Management_Cheat_Sheet#Renew_the_Session_ID_After_Any_Privilege_Level_Change

Created on 3 Sep 2018
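
The behaviour requested above, sketched as an added example (not part of the original post and not the Users module's own code). The `SessionStore` class and its method names are hypothetical. It issues a fresh session ID at log-in, log-out and password change, and invalidates the old one, so an ID fixed before authentication never becomes an authenticated session.

```python
import secrets


class SessionStore:
    """Hypothetical in-memory session store, constructed for illustration."""

    def __init__(self):
        self._sessions = {}  # session ID -> session data

    def create(self):
        """Issue a new anonymous session with a server-generated random ID."""
        sid = secrets.token_urlsafe(32)
        self._sessions[sid] = {"user": None}
        return sid

    def get(self, sid):
        """Return the session data, or None if the ID is unknown or invalidated."""
        return self._sessions.get(sid)

    def renew(self, old_sid):
        """Move session data to a fresh ID and invalidate the old ID."""
        data = self._sessions.pop(old_sid, None)
        if data is None:
            # Unknown or client-chosen ID: never adopt it, start from empty state.
            data = {"user": None}
        new_sid = secrets.token_urlsafe(32)
        self._sessions[new_sid] = data
        return new_sid

    def login(self, sid, user):
        """Credential check omitted; renew the ID before raising the privilege level."""
        new_sid = self.renew(sid)
        self._sessions[new_sid]["user"] = user
        return new_sid

    def change_password(self, sid):
        """Password update omitted; the session continues under a new ID."""
        return self.renew(sid)

    def logout(self, sid):
        """Destroy the authenticated session and hand back a fresh anonymous one."""
        self._sessions.pop(sid, None)
        return self.create()
```

The caller must send the returned ID to the browser as the new session cookie and stop accepting the old value.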
Comments (1)

Changed the category to Backend

