Merge pull request #427 from bugcrowd/Session-Fixation-Local-Attack-V…

…ector Updates to recommendations for All three session fixation variants
bugcrowd · May 15, 2024 · bef8236 · bef8236
2 parents b4f0ced + 686f397
commit bef8236
Show file tree

Hide file tree

Showing 3 changed files with 3 additions and 3 deletions.
diff --git a/..._and_session_management/session_fixation/local_attack_vector/recommendations.md b/..._and_session_management/session_fixation/local_attack_vector/recommendations.md
@@ -1,6 +1,6 @@
 # Recommendation(s)
 
-The application should implement a session token renewal once a user has successfully authenticated.
+The application should use a unique, randomly generated session identifier for each session and ensure that the identifier is regenerated upon successful authentication.
 
 For further information, please see:
 

diff --git a/...roken_authentication_and_session_management/session_fixation/recommendations.md b/...roken_authentication_and_session_management/session_fixation/recommendations.md
@@ -1,6 +1,6 @@
 # Recommendation(s)
 
-The application should implement a session token renewal once a user has successfully authenticated.
+The application should use a unique, randomly generated session identifier for each session and ensure that the identifier is regenerated upon successful authentication.
 
 For further information, please see:
 

diff --git a/...and_session_management/session_fixation/remote_attack_vector/recommendations.md b/...and_session_management/session_fixation/remote_attack_vector/recommendations.md
@@ -1,6 +1,6 @@
 # Recommendation(s)
 
-The application should implement a session token renewal once a user has successfully authenticated.
+The application should use a unique, randomly generated session identifier for each session and ensure that the identifier is regenerated upon successful authentication.
 
 For further information, please see: