V-222388
Application Security and Development Security Technical Implementation Guide
Title
The application must clear temporary storage and cookies when the session is terminated.
Description
Persistent cookies are a primary means by which a web application will store application state and user information. Since HTTP is a stateless protocol, this persistence allows the web application developer to provide a robust and customizable user experience. However, if a web application stores user authentication information within a persistent cookie or other temporary storage mechanism, this information can be stolen and used to compromise the user's account. Likewise, HTM...
Fix Text (Documentation Requirement)
Design and configure the application to clear sensitive data from cookies and local storage when the user logs out of the application.
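
One way to implement the fix on the server side of a Node.js application, as an added example that is not part of the STIG text: the logout response expires each application cookie and asks the browser to clear origin storage. The cookie names, paths and function names are hypothetical; HttpOnly cookies cannot be removed by page script, so the server has to expire them.

```javascript
// Added example, not from the STIG. Cookie names, paths and function names
// are hypothetical; list the cookies your application really sets.

// Each entry repeats the attributes used when the cookie was created.
// A browser only replaces a cookie when name, Path and Domain all match,
// so a mismatch here leaves the original cookie in place after logout.
const APP_COOKIES = [
  { name: 'sid', path: '/', httpOnly: true },
  { name: 'prefs', path: '/app', httpOnly: false },
];

// Build one expiring Set-Cookie value: empty value, Max-Age=0, and an
// Expires date in the past for clients that ignore Max-Age.
function expireCookie({ name, path, domain, httpOnly }) {
  const parts = [`${name}=`, `Path=${path}`, 'Max-Age=0',
    'Expires=Thu, 01 Jan 1970 00:00:00 GMT', 'Secure'];
  if (domain) parts.push(`Domain=${domain}`);
  if (httpOnly) parts.push('HttpOnly');
  return parts.join('; ');
}

// Headers for the logout response.
function buildLogoutHeaders(cookies = APP_COOKIES) {
  return {
    'Set-Cookie': cookies.map(expireCookie),
    // Supporting browsers drop cookies plus localStorage, sessionStorage and
    // IndexedDB for this origin. Honoured only on HTTPS responses.
    'Clear-Site-Data': '"cookies", "storage"',
    // Keep the logout response itself out of caches.
    'Cache-Control': 'no-store',
  };
}

// Logout handler for node:http style request/response objects.
// destroySession is the application's own server-side session invalidation;
// it runs first so the session id is dead even if the client ignores headers.
function handleLogout(req, res, destroySession) {
  destroySession(req);
  res.writeHead(204, buildLogoutHeaders());
  res.end();
}
```

Browsers that do not support `Clear-Site-Data` still honour the expiring `Set-Cookie` values, but their local storage has to be cleared by the application's own client-side logout code.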