rspec/rules/S3268/rule.adoc
Arseniy Zaostrovnykh 7ca29f686f Force linebreaks
2021-02-02 15:02:10 +01:00


To prevent forged submissions (cross-site request forgery), each sensitive form should include a one-time-use security token that is generated server-side, unpredictable, and bound to the user's session. Once the form is submitted, the server validates the token, invalidates it and generates a new token for the next form. An attacker who tricks an authenticated user's browser into submitting the form cannot supply a token they have never seen, so the forged request is rejected. Note that the token does not protect against an attacker who already holds a valid session id: such an attacker can request the form and read the token from it.
This rule raises an issue when a form is generated.
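The token lifecycle described above, as an added example that is not part of the rule or of any SonarSource code. It assumes a server-side session object holding one outstanding token per form name, a hidden field named `_token` carrying the token in the rendered form, and a submission handler that consumes the token on every attempt; these names and the form layout are illustrative assumptions.

```python
import hmac
import html
import secrets


class Session:
    """Server-side session state (assumed model). Only one outstanding token
    per sensitive form is kept, so issuing a new token implicitly invalidates
    the previous one."""

    def __init__(self):
        self.form_tokens = {}  # form name -> currently valid one-time token


def issue_form_token(session, form_name):
    """Generate a fresh, unpredictable token for this form and store it in the
    session. Any earlier token for the same form is replaced."""
    token = secrets.token_urlsafe(32)  # 256 bits from the OS CSPRNG
    session.form_tokens[form_name] = token
    return token


def render_form(session, form_name, action, fields):
    """Render a sensitive form carrying its token in a hidden field named
    `_token` (assumed name). Attribute values are HTML-escaped so a field name
    or action cannot break out of the markup."""
    token = issue_form_token(session, form_name)
    lines = [
        f'<form method="post" action="{html.escape(action, quote=True)}">',
        f'  <input type="hidden" name="_token" value="{token}">',
    ]
    for name in fields:
        lines.append(f'  <input type="text" name="{html.escape(name, quote=True)}">')
    lines.append('  <button type="submit">Submit</button>')
    lines.append('</form>')
    return "\n".join(lines)


def handle_submission(session, form_name, submitted):
    """Validate and consume the form token. Returns True if the submission may
    be processed. The outstanding token is removed on every attempt, valid or
    not, so a token can never be replayed and a wrong guess cannot be retried
    against the same token."""
    expected = session.form_tokens.pop(form_name, None)
    presented = submitted.get("_token")
    if expected is None or not isinstance(presented, str):
        return False
    # constant-time comparison so the token cannot be recovered via timing
    return hmac.compare_digest(expected.encode(), presented.encode())


if __name__ == "__main__":
    # Constructed walkthrough: legitimate user renders and submits once.
    user = Session()
    page = render_form(user, "transfer", "/transfer", ["amount", "to"])
    token = user.form_tokens["transfer"]
    print(page)
    print("first submit ok:", handle_submission(user, "transfer", {"_token": token}))
    print("replay ok:     ", handle_submission(user, "transfer", {"_token": token}))
```

A forged request crafted from another origin carries the victim's session cookie but not the token, which the attacker never saw; a submission with a missing, stale or reused token is refused, and each fresh rendering of the form replaces the token. Using a per-session rather than per-form token is an acceptable relaxation, but the per-form variant shown here matches the one-time-use behaviour the rule describes.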