024 – Transfer information using session objects

Summary

The system must use session objects to transfer information between pages when needed.

Description

Sessions are used to maintain stateful information between different requests from users. A session object typically contains data associated with a user's interactions with an application, such as login status, user preferences and other details.

Supported In

Advanced: True

References

• OWASP10-A2. Cryptographic failures
• NYSHIELD-5575_B_6. Personal and private information
• POPIA-9_72. Transfers of personal information outside Republic
• IEC62443-SI-3_8. Session integrity
• IEC62443-CR-3_1-RE_1. Communication authentication
• WASSEC-6_2_2_5. Authorization - Session weaknesses
• OSSTMM3-10_7_2. Telecommunications security (controls verification) - Confidentiality
• OWASPSCP-9. Communication security

Last updated

2024/01/18