From 686f39700e275acc86f7f750e02d2c80295357a7 Mon Sep 17 00:00:00 2001 From: Ryan Rudder <96507400+RRudder@users.noreply.github.com> Date: Fri, 28 Apr 2023 16:42:06 +1000 Subject: [PATCH] Updates to recommendations for All three session fixation variants (The same recommendation text is used across all three) --- .../session_fixation/local_attack_vector/recommendations.md | 2 +- .../session_fixation/recommendations.md | 2 +- .../session_fixation/remote_attack_vector/recommendations.md | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/submissions/description/broken_authentication_and_session_management/session_fixation/local_attack_vector/recommendations.md b/submissions/description/broken_authentication_and_session_management/session_fixation/local_attack_vector/recommendations.md index 63b99f91..b87d686e 100644 --- a/submissions/description/broken_authentication_and_session_management/session_fixation/local_attack_vector/recommendations.md +++ b/submissions/description/broken_authentication_and_session_management/session_fixation/local_attack_vector/recommendations.md @@ -1,6 +1,6 @@ # Recommendation(s) -The application should implement a session token renewal once a user has successfully authenticated. +The application should use a unique, randomly generated session identifier for each session and ensure that the identifier is regenerated upon successful authentication. For further information, please see: diff --git a/submissions/description/broken_authentication_and_session_management/session_fixation/recommendations.md b/submissions/description/broken_authentication_and_session_management/session_fixation/recommendations.md index 63b99f91..b87d686e 100644 --- a/submissions/description/broken_authentication_and_session_management/session_fixation/recommendations.md +++ b/submissions/description/broken_authentication_and_session_management/session_fixation/recommendations.md 
@@ -1,6 +1,6 @@ # Recommendation(s) -The application should implement a session token renewal once a user has successfully authenticated. +The application should use a unique, randomly generated session identifier for each session and ensure that the identifier is regenerated upon successful authentication. For further information, please see: diff --git a/submissions/description/broken_authentication_and_session_management/session_fixation/remote_attack_vector/recommendations.md b/submissions/description/broken_authentication_and_session_management/session_fixation/remote_attack_vector/recommendations.md index 63b99f91..b87d686e 100644 --- a/submissions/description/broken_authentication_and_session_management/session_fixation/remote_attack_vector/recommendations.md +++ b/submissions/description/broken_authentication_and_session_management/session_fixation/remote_attack_vector/recommendations.md @@ -1,6 +1,6 @@ # Recommendation(s) -The application should implement a session token renewal once a user has successfully authenticated. +The application should use a unique, randomly generated session identifier for each session and ensure that the identifier is regenerated upon successful authentication. For further information, please see:
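Review bot: In the local_attack_vector/recommendations.md hunk, the replacement line requires the identifier to be "regenerated upon successful authentication" but says nothing about invalidating the pre-authentication identifier server-side; for the local variant, where the attacker has planted the identifier on the victim's machine, an old ID that stays valid after login still defeats the renewal. Suggest extending the sentence, e.g. "…regenerated upon successful authentication, and the previous identifier invalidated on the server so it can no longer be used."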
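Review bot: In the session_fixation/recommendations.md hunk, "unique, randomly generated" is underspecified for guidance text: a reader could satisfy it with a non-cryptographic PRNG and a short value, which leaves the identifier predictable. Suggest "generated with a cryptographically secure random number generator and of sufficient length" so the recommendation actually rules out guessable session IDs rather than only fixed ones.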
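Review bot: The remote_attack_vector/recommendations.md hunk carries exactly the same sentence as the other two files (all three share index 63b99f91..b87d686e), yet the remote variant depends on the application honouring a session identifier the attacker supplies to the victim (for example in a URL parameter or an injected cookie), and regeneration on login does not address that by itself. Suggest adding to this file's recommendation that the application must accept only identifiers it issued itself, ignoring unknown or client-supplied values and never taking the session identifier from the URL. Separately, keeping three byte-identical copies invites drift on the next edit; consider having the two variant files point at the top-level session_fixation/recommendations.md instead of duplicating the text.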