AnsweredAssumed Answered

150069 StaticSession ID - not sure why we're getting one of these or how to fix it!

Question asked by simonmclean on Apr 7, 2014
Latest reply on Apr 7, 2014 by WillB

Hi - a web application scan is picking up 150069 StaticSession ID as a vulnerability. i'm not sure why or how to fix it. The application under test has a logout link in the main navigation, and automatically kills the session after 40 minutes of inactivity (which is deemed appropriate for its use case). After logout/session termination, logging back in generates a new session key.

 

Any ideas?

 

Thanks, Simon

Outcomes