Verify that session ids stored in cookies have their path set to an
appropriately restrictive value for the application, and authentication
session tokens additionally set the “HttpOnly” and “secure” attributes.
Verify that session ids stored in cookies have their path set to an
appropriately restrictive value for the application, and authentication
session tokens additionally set the “HttpOnly” and “secure” attributes.