Prevent Unauthorised use of session ID

Impact area

Security

Severity

Medium

Affected element

Org Config

Rule ID

SF-0169

Impact

Allowing code to access the Session ID cookie increases the vulnerability to session hijacking attacks.


Remediation

Enable this setting. From Setup, enter "Session Settings" in the Quick Find box, then select Session Settings. Then enable "Require HttpOnly attribute".
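To confirm the setting took effect, the session cookie in a captured login response can be checked for the HttpOnly attribute. The following is an added example, not part of the rule or of any vendor tooling; the cookie name `sid` and the sample header values are assumptions constructed for illustration.

```python
# Added example: flag session cookies whose Set-Cookie header lacks HttpOnly.
# Assumption: the session cookie is named "sid"; adjust for your environment.
SESSION_COOKIE_NAMES = {"sid"}


def parse_set_cookie(header_value):
    """Split one Set-Cookie header value into (name, value, attributes)."""
    parts = [p.strip() for p in header_value.split(";")]
    name, _, value = parts[0].partition("=")
    attrs = {}
    for part in parts[1:]:
        if not part:
            continue  # tolerate a trailing ';'
        key, _, val = part.partition("=")
        # Attribute names are case-insensitive; cookie names are not.
        attrs[key.strip().lower()] = val.strip()
    return name.strip(), value.strip(), attrs


def cookies_missing_httponly(set_cookie_headers, session_names=SESSION_COOKIE_NAMES):
    """Return the names of session cookies set without the HttpOnly attribute."""
    findings = []
    for header in set_cookie_headers:
        name, _, attrs = parse_set_cookie(header)
        # Check the parsed attribute, not a substring: "Path=/httponly"
        # must not be mistaken for the HttpOnly flag.
        if name in session_names and "httponly" not in attrs:
            findings.append(name)
    return findings


# Constructed sample headers (not captured from a real org).
HEADERS_SETTING_DISABLED = [
    "sid=CONSTRUCTED_SESSION_VALUE; Path=/; Secure",
    "theme=dark; Path=/",
]
HEADERS_SETTING_ENABLED = [
    "sid=CONSTRUCTED_SESSION_VALUE; path=/; secure; HTTPONLY",
    "theme=dark; Path=/",
]
HEADERS_MISLEADING_PATH = ["sid=CONSTRUCTED_SESSION_VALUE; Path=/httponly; Secure"]

if __name__ == "__main__":
    for label, headers in [("disabled", HEADERS_SETTING_DISABLED),
                           ("enabled", HEADERS_SETTING_ENABLED),
                           ("misleading path", HEADERS_MISLEADING_PATH)]:
        print(label, "->", cookies_missing_httponly(headers) or "OK")
```

Feed it the `Set-Cookie` values from a response captured in your own browser's developer tools or a proxy; an empty result means every session cookie seen was marked HttpOnly.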

Time to fix

30 min
