rspec/rules/S5328/description.adoc


			
				
					
						
						
						
							
							
							If a session ID can be guessed (not generated with a secure pseudo random generator, or with insufficient length ...) an attacker may be able to hijack another user's session.

						
						
					
				
				
					
						Reference in New Issue
					
					View Git Blame
					Copy Permalink