V3.4 — Cookie-based Session Management
Cookie-based Session Management: 5 L3 requirement(s).

V3.4.1: Verify that cookie-based session tokens have the 'Secure' attribute set. (C6)

V3.4.2: Verify that cookie-based session tokens have the 'HttpOnly' attribute set. (C6)

V3.4.3: Verify that cookie-based session tokens utilize the 'SameSite' attribute to limit exposure to cross-site request forgery...

... and 2 more.
| Property | Value |
|---|---|
| Section | V3.4 |
| Owner | platform |
Mapped Controls
| Control | Title |
|---|---|
| SID-AUTH-02 | JWT Bearer Token Session Management |
Source: OWASP Application Security Verification Standard 4.0.3