CUI

Documentation - V-222582

V-222582

Application Security and Development Security Technical Implementation Guide

CAT II

Title

The application must not re-use or recycle session IDs.

Description

Many web development frameworks such as PHP, .NET, and ASP include their own mechanisms for session management. Whenever possible, it is recommended to utilize the provided session management framework. Session identifiers are assigned to application users so they can be uniquely identified. This allows the user to customize their web application experience and also allows the developer to differentiate between users, thereby providing the opportunity to customize the user’s featu...

Fix Text (Documentation Requirement)

Design the application to not re-use session IDs.
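
A minimal sketch of what this requirement means where the application has to manage sessions itself, added here as an illustration and not part of the STIG text. `SessionStore` and its method names are hypothetical, and the in-memory dictionaries stand in for whatever backing store the application uses; where a framework's session management is available, the description above recommends using that instead.

```python
import hashlib
import secrets


class SessionStore:
    """In-memory session store that never issues or accepts a session ID twice."""

    def __init__(self):
        self._active = {}      # sha256(id) -> user
        self._retired = set()  # sha256(id) of every ID that has ended

    @staticmethod
    def _digest(session_id):
        # Store only a hash so a dump of the store does not expose usable IDs.
        return hashlib.sha256(session_id.encode()).hexdigest()

    def create(self, user):
        # 256 bits from the OS CSPRNG; the loop guards against re-issuing a
        # value that is active or was used before, however unlikely.
        while True:
            session_id = secrets.token_urlsafe(32)
            key = self._digest(session_id)
            if key not in self._active and key not in self._retired:
                self._active[key] = user
                return session_id

    def lookup(self, session_id):
        # Only IDs this store issued and has not ended resolve to a user.
        return self._active.get(self._digest(session_id))

    def destroy(self, session_id):
        # Logout or timeout: the ID moves to the retired set and stays dead.
        key = self._digest(session_id)
        if self._active.pop(key, None) is not None:
            self._retired.add(key)
            return True
        return False


def demo():
    store = SessionStore()
    first = store.create("alice")        # constructed sample user
    store.destroy(first)                 # alice logs out
    second = store.create("alice")       # alice logs in again
    return {
        "new_id_differs": first != second,
        "old_id_rejected": store.lookup(first) is None,
        "new_id_accepted": store.lookup(second) == "alice",
    }


if __name__ == "__main__":
    print(demo())
```

The retired set grows without bound in this sketch; a real store would age entries out on a schedule that fits its own retention needs.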
