Fluid Attacks logo
Contact Us
Young hacker smiling
Zero false positives

Expert intelligence + effective automation

Contact logo Contact Us

REQ.032 Avoid session ID leakages

This document contains the details of the security requirements related to the definition and management of sessions and session variables in the organization. This requirement establishes the importance of managing session IDs securely in order to avoid session hijacking attacks.


The system must not expose session IDs in URLs and messages presented to the user.


  1. OWASP-ASVS v3.1-3.6. Test that the session ID is never disclosed in URLs, error messages, or logs. This includes verifying that the application does not support URL rewriting of session cookies.

Service status - Terms of Use