3.4 Cookie-based Session Management¶
Browse by item:
- 3.4.1 Cookie-based session tokens have the ‘Secure’ attribute set
- 3.4.2 Cookie-based session tokens have the ‘HttpOnly’ attribute set
- 3.4.3 Cookie-based session tokens utilize the ‘SameSite’ attribute
- 3.4.4 Cookie-based session tokens provide session cookie confidentiality
- 3.4.5 The application is published under a domain name with other applications that set or use session cookies that might override or disclose the session cookie