security-review-owasp-session-management
CommunityReview session security flaws fast
Software Engineering#authentication#owasp#session management#security review#cookies#logout#hijacking
Authorsjinks
Version1.0.0
Installs0
System Documentation
What problem does it solve?
This Skill helps reviewers detect weaknesses in session handling that can lead to hijacking, fixation, replay, or sessions that outlive their intended security boundaries.
Core Features & Use Cases
- Cookie and transport review: Checks Secure, HttpOnly, SameSite, Domain, Path, TLS, and HSTS-related exposure for authenticated flows.
- Lifecycle and timeout analysis: Evaluates session regeneration, privilege-change handling, idle and absolute expiration, logout invalidation, and reauthentication behavior.
- Client storage and monitoring checks: Examines session token storage, browser cache exposure, and session logging or anomaly-detection gaps.
- Use Case: Review a login and account-management flow to confirm the session changes after authentication, cannot be fixed by an attacker, and is destroyed on logout.
Quick Start
Ask this skill to review the authentication flow for session fixation, cookie hardening, timeout enforcement, logout invalidation, and client-side storage risks.
Dependency Matrix
Required Modules
None requiredComponents
references
💻 Claude Code Installation
Recommended: Let Claude install automatically. Simply copy and paste the text below to Claude Code.
Please help me install this Skill: Name: security-review-owasp-session-management Download link: https://github.com/sjinks/ai-owasp-skillset/archive/main.zip#security-review-owasp-session-management Please download this .zip file, extract it, and install it in the .claude/skills/ directory.
Agent Skills Search Helper
Install a tiny helper to your Agent, search and equip skill from 537,000+ vetted skills library on demand.