Testing for Session Management
Session Management Testing
Intro here.
4.5.1 Cookie and Session Token Manipulation
4.5.2 Weak Session Tokens
4.5.3 Session Riding
4.5.4 Exposed Session Variables
4.5.5 HTTP Exploit
Session token transport security and reuse of session tokens from HTTP to HTTPS [Completed] Javier Fernandez-Sanguino