Verify that the session id is never disclosed in URLs, error messages, or
logs. This includes verifying that the application does not support URL
rewriting of session cookies.
Verify that the session id is never disclosed in URLs, error messages, or
logs. This includes verifying that the application does not support URL
rewriting of session cookies.