Persistent Session


Description

The application sets a persistent cookie with an expiration date set in the future.  The cookie is stored locally on the computer and remains active for an extended period of time after the individual session is terminated, increasing the window of opportunity for attackers.
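A check for this finding over captured Set-Cookie response headers, as an added example that is not part of the original entry. The cookie names SESSIONID and auth, the sample headers and the fixed clock are constructed for illustration. Max-Age is given precedence over Expires, as RFC 6265 specifies.

```python
from datetime import datetime, timedelta, timezone
from email.utils import parsedate_to_datetime

def cookie_lifetime(set_cookie, now):
    """Return (name, lifetime) for one Set-Cookie header value.

    lifetime is None for a session cookie (no usable Expires/Max-Age),
    otherwise a timedelta measured from `now`.
    """
    parts = [p.strip() for p in set_cookie.split(";")]
    name = parts[0].split("=", 1)[0].strip()
    max_age = expires = None
    for attr in parts[1:]:
        key, _, value = attr.partition("=")
        key, value = key.strip().lower(), value.strip()
        try:
            if key == "max-age":
                max_age = timedelta(seconds=int(value))
            elif key == "expires":
                expires = parsedate_to_datetime(value) - now
        except (TypeError, ValueError):
            pass  # a malformed attribute is ignored, as a browser would
    return name, (max_age if max_age is not None else expires)

def find_persistent_sessions(headers, session_names, now):
    """List (name, lifetime) for session-bearing cookies that outlive the browser session."""
    findings = []
    for header in headers:
        name, lifetime = cookie_lifetime(header, now)
        # A zero or negative lifetime is a deletion, not a persistent cookie.
        if name in session_names and lifetime is not None and lifetime > timedelta(0):
            findings.append((name, lifetime))
    return findings

# Constructed sample data: fixed clock and header values, not from a real application.
NOW = datetime(2024, 1, 1, tzinfo=timezone.utc)
SAMPLE_HEADERS = [
    "SESSIONID=abc123; Path=/; Secure; HttpOnly; Expires=Wed, 01 Jan 2025 00:00:00 GMT",
    "SESSIONID=abc123; Path=/; Secure; HttpOnly",      # session cookie: not flagged
    "theme=dark; Max-Age=31536000",                    # persistent, but not a session cookie
    "SESSIONID=; Max-Age=0",                           # deletion: not flagged
    "auth=xyz; Max-Age=2592000; Expires=Thu, 01 Jan 1970 00:00:00 GMT",  # Max-Age wins
]

if __name__ == "__main__":
    for name, lifetime in find_persistent_sessions(SAMPLE_HEADERS, {"SESSIONID", "auth"}, NOW):
        print(f"persistent session cookie {name}: valid for {lifetime.days} days")
```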

Custom Description

Impact

Risk Rating

Remediation

How To Test

Sample Report Screenshots

Time Saving Tips

Testing Gotchas

References

 
