Documentation - V-214307

V-214307

Apache Server 2.4 Windows Server Security Technical Implementation Guide

CAT II

Title

The Apache web server must perform server-side session management.

Description

<VulnDiscussion>Session management is the practice of protecting the bulk of the user authorization and identity information. Storing of this data can occur on the client system or on the server. When the session information is stored on the client, the session ID, along with the user authorization and identity information, is sent along with each client request and is stored in a cookie, embedded in the uniform resource locator (URL), or placed in a hidden field on the displayed form. Each of ...

Fix Text (Documentation Requirement)

Uncomment the "usertrack_module" module line and the "session_module" module in the <'INSTALL PATH'>\conf\httpd.conf file. Restart the Apache service. Additional documentation can be found at: https://httpd.apache.org/docs/2.4/mod/mod_usertrack.html https://httpd.apache.org/docs/2.4/mod/mod_session.html

View Full STIG Details →

Documentation Status

Status

Documented Verified - link to a ship document Awaiting Review Evidence submitted, needs verification Pending Needs documentation Not Required Documentation not needed Not Applicable STIG doesn't apply

Notes (Optional)

Cancel