This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org

Category:WASS Authentication Identifer

From OWASP
Revision as of 04:33, 19 May 2006 by MikeAndrews (talk | contribs)

(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to: navigation, search

Establish a new session identifier upon user authentication

A session identifier is a way to keep track of an authenticated session. Reusing a session identifier that was available before authentication could provide a user a means of discoving a users authenticated session identifier value.

1. A new session identifier should be created when a user is authenticated and when their role/privilage changes in the application

This category currently contains no pages or media.

Retrieved from "https://wiki.owasp.org/index.php?title=Category:WASS_Authentication_Identifer&oldid=2740"