CheatSheetSeries icon indicating copy to clipboard operation
CheatSheetSeries copied to clipboard

Published 20 hours ago verified publisher icon OWASP

Update: Session_Management_Cheat_Sheet

Open randomstuff opened this issue 1 year ago • 5 comments

What is missing or needs to be updated?

The session management cheat sheet lacks guidance regarding how to store and validate session token (and similar tokens) server-side:

  • store the session token ;
  • store hash of the session token ;
  • use a signed/MACed session token.

How should this be resolved?

randomstuff avatar Jun 23 '23 09:06 randomstuff