OWASP / CheatSheetSeries

The OWASP Cheat Sheet Series was created to provide a concise collection of high value information on specific application security topics.
https://cheatsheetseries.owasp.org
Creative Commons Attribution Share Alike 4.0 International

Update: Session_Management_Cheat_Sheet #1153

Open randomstuff opened 1 year ago

randomstuff commented 1 year ago

What is missing or needs to be updated?

The session management cheat sheet lacks guidance regarding how to store and validate session tokens (and similar tokens) server-side:

How should this be resolved?

R0h1t3 commented 1 year ago

@randomstuff I am currently reading through the OWASP Cheat Sheet Series. Can I work on this? I have a few ideas on how to store and validate them.

jmanico commented 1 year ago

Yes, please! This is all on GitHub and we take PRs!

R0h1t3 commented 1 year ago

@jmanico I am pretty new to GitHub contribution, so what should I do now? Should I clone the session management cheat sheet, make changes to it and submit a pull request, or what should I do? Kindly guide me through.

kwwall commented 1 year ago

Probably the easiest way is to fork it, then clone THAT, make changes, commit, and push to your repo (vs. the original upstream one), and then create a PR from your repo.

randomstuff commented 5 months ago

See, for example, "How to securely store and use session IDs" on Information Security Stack Exchange.