Applications must validate session identifiers.

An XCCDF Rule

Details
Profiles

Description

Many web development frameworks such as PHP, .NET, and ASP include their own mechanisms for session management. Whenever possible it is recommended to utilize the provided session management framework.

ID: SV-222580r1043180_rule
Version: APSC-DV-002260
Severity: Medium
References: CCI-001664
Updated: about 2 months ago

Remediation Templates

Configure the application to configure user session identifiers.

Applications must validate session identifiers.

Description

Remediation Templates

A Manual Procedure