Prevent Unauthorized used of session ID
Impact area
Security
Severity
Medium
Affected element
Org Config
Rule ID
SF-0169
Impact
Allowing code access the Session ID cookie increases the vulnerability to session hijacking attacks.
Remediation
Enable this setting. From Setup, enter "Session Settings" in the Quick Find box, then select Session Settings. Then enable "Require HttpOnly attribute".
Time to fix
30 min
References
This rule is linked to Common Weakness Enumeration CWE-284 Improper Access Control.