\begin{result}
The logout functionality is plainly visible on the top right of the
application on every page that requires authentication. This is defined in
- \srcref{admin/themes/header.php}{16-30}
+ \srcref{admin/themes/header.php}{16{-}30}
\end{result}
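Review bot: The new range separator in `\srcref{admin/themes/header.php}{16{-}30}` still typesets as a plain hyphen, where a line range conventionally takes an en dash (`16--30`). If the braces are needed because of how `\srcref` handles its second argument, a short comment at the macro definition would keep the next editor from reverting it.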
\end{result}
+ \setcounter{enumi}{9}
\notapplicable{%
\item
Verify that only session ids generated by the application framework are
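Review bot: Hard-coding the item number with `\setcounter{enumi}{9}` before `\notapplicable{%` ties the numbering to a literal that has to be kept in sync by hand whenever a requirement is added, removed or reordered. Consider wrapping it in a small macro that takes the requirement number, or using the `start=` key from enumitem on the list, so the number is stated once and in an obvious place.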
session tokens additionally set the “HttpOnly” and “secure” attributes.
\begin{result}
There is just one cookie for tha application and it's path includes the whole
- site. However this seems appropriate. The "HttpOnly" and "secure"
+ site. However this seems appropriate. The ``HttpOnly'' and ``secure''
attributes are not set for this cookie.
\end{result}
+ \setcounter{enumi}{15}
\item
\pass{}
Verify that the application limits the number of active concurrent sessions.
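Review bot: The quote fix on the "site. However this seems appropriate." line leaves the requirement text a few lines above it with Unicode curly quotes (“HttpOnly” and “secure”), so the same two attribute names are now typeset two different ways in one item; converting both to the ``...'' form in this change would keep them consistent. The untouched context line "There is just one cookie for tha application and it's path" also has two typos ("the", "its") that are worth fixing in the same pass. The added `\setcounter{enumi}{15}` has the same hard-coded numbering concern as the earlier `\setcounter{enumi}{9}`.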
Verify the user is prompted with the option to terminate all other active
sessions after a successful change password process.
\begin{result}
- There is no such option, also notqeable is that there is no confirmation for
+ There is no such option, also notaeable is that there is no confirmation for
the password change.
\end{result}
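Review bot: The replacement on the "There is no such option" line swaps one misspelling for another: "notqeable" becomes "notaeable", and the intended word is presumably "noticeable". The sentence is also a comma splice; something like "There is no such option. Also noticeable is that there is no confirmation for the password change." reads cleanly and keeps the finding intact.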