TRIAL REQUEST A DEMO LOGIN

Prevent Unauthorized used of session ID

Impact area

Security

Severity

Medium

Affected element

Org Config

Rule ID

SF-0169

Impact

Allowing code access the Session ID cookie increases the vulnerability to session hijacking attacks.


Remediation

Enable this setting. From Setup, enter "Session Settings" in the Quick Find box, then select Session Settings. Then enable "Require HttpOnly attribute".

Time to fix

30 min

References

This rule is linked to Common Weakness Enumeration CWE-284 Improper Access Control.

What's here


Related content

Org Configuration rules

Common Weakness Enumeration (CWE™)




Last modified on Oct 13, 2020
Copyright © QualityClouds 2021