[Owasp-cincinnati] Session Destroy References

Edward Sumerfield esumerfd at bitbashers.org
Thu Jun 25 17:24:05 EDT 2009


I was looking for a reference to send someone on recommendations on why to
destroy the web session on login and logout. I could only find the "Destroy
Session on Logout" reference in this OWASP document but nothing for the
login process. Did I miss something or is it something we need to add?

    http://www.owasp.org/index.php/Session_Management

Ed Sumerfield
Ed Sumerfield Consulting, LLC
http://www.edsumerfieldconsulting.com
513-295-7016
-------------- next part --------------
An HTML attachment was scrubbed...
URL: https://lists.owasp.org/pipermail/owasp-cincinnati/attachments/20090625/ffffe3df/attachment.html 


More information about the Owasp-cincinnati mailing list