This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org
Difference between revisions of "Cornucopia - Ecommerce Website - SM 7"
From OWASP
(Created page with "{{DISPLAYTITLE:<span style="padding:2px 5px 0px 5px;color:white;background:#98c477;">Cornucopia - Ecommerce Website - SM 7</span>}} File:Cornucopia_-_Ecommerce_Website_SM_7....") |
|||
| Line 40: | Line 40: | ||
</tr> | </tr> | ||
</table> | </table> | ||
| − | |||
| − | |||
| − | |||
| − | |||
Latest revision as of 16:21, 21 January 2016
Suit: Session management
Card/Value: 7
Description:
Casey can utilize Adam's session after he has finished, because there is no log out function, or he cannot easily log out, or log out does not properly terminate the session.
Technical Note:
Users should be able to log out from any pages protected by access control (authentication and authorisation checks). The logout functionality should fully terminate the associated session or connection such that the session identifier is no longer usable.
References:
| OWASP SCP | OWASP ASVS | OWASP AppSensor | CAPEC | SAFECODE |
|---|---|---|---|---|
| 62 | 3.2 | - | 21 | 28 |
| 63 | 3.5 |
