Documentation - V-214277

V-214277

Apache Server 2.4 UNIX Site Security Technical Implementation Guide

CAT II

Title

The Apache web server must perform server-side session management.

Description

<VulnDiscussion>Session management is the practice of protecting the bulk of the user authorization and identity information. This data can be stored on the client system or on the server. When the session information is stored on the client, the session ID, along with the user authorization and identity information, is sent along with each client request and is stored in a cookie, embedded in the uniform resource locator (URL), or placed in a hidden field on the displayed form. Each of these...

Fix Text (Documentation Requirement)

If the modules are not installed, install any missing packages. Add the following lines to the "httpd.conf" file: LoadModule usertrack_module modules/mod_usertrack.so LoadModule session_module modules/mod_session.so Additional documentation can be found at: https://httpd.apache.org/docs/2.4/mod/mod_usertrack.html https://httpd.apache.org/docs/2.4/mod/mod_session.html Restart Apache: apachectl restart

View Full STIG Details →

Documentation Status

Status

Documented Verified - link to a ship document Awaiting Review Evidence submitted, needs verification Pending Needs documentation Not Required Documentation not needed Not Applicable STIG doesn't apply

Notes (Optional)

Cancel