This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org

Cornucopia - Ecommerce Website - SM 3

From OWASP
Jump to: navigation, search
Cornucopia - Ecommerce Website SM 3.png

Suit: Session management

Card/Value: 3

Description:

Ryan can use a single account in parallel since concurrent sessions are allowed.

Technical Note:

In some ecommerce applications it may be desirable to allow customers to be logged in using multiple browsers/devices. However that would be unusual for administrative users, or users of more sensitive data. Even if concurrent sessions are allowed. consider what should occur in other sessions when a user changes their password, or changes their delivery address, or logs out, or times out, or authentication failure occurs.

NB: This card relates to concurrent sessions created by authenticating more than once in different browsers/devices. See SM 6 for using the same session identifier in concurrent sessions.

References:

OWASP SCP OWASP ASVS OWASP AppSensor CAPEC SAFECODE
68 3.16 - - 28




« Previous Card | Session management | Next Card »
Retrieved from "https://wiki.owasp.org/index.php?title=Cornucopia_-_Ecommerce_Website_-_SM_3&oldid=207183"