security-review-owasp-session-management

Community

Review session security flaws fast

Authorsjinks
Version1.0.0
Installs0

System Documentation

What problem does it solve?

This Skill helps reviewers detect weaknesses in session handling that can lead to hijacking, fixation, replay, or sessions that outlive their intended security boundaries.

Core Features & Use Cases

  • Cookie and transport review: Checks Secure, HttpOnly, SameSite, Domain, Path, TLS, and HSTS-related exposure for authenticated flows.
  • Lifecycle and timeout analysis: Evaluates session regeneration, privilege-change handling, idle and absolute expiration, logout invalidation, and reauthentication behavior.
  • Client storage and monitoring checks: Examines session token storage, browser cache exposure, and session logging or anomaly-detection gaps.
  • Use Case: Review a login and account-management flow to confirm the session changes after authentication, cannot be fixed by an attacker, and is destroyed on logout.

Quick Start

Ask this skill to review the authentication flow for session fixation, cookie hardening, timeout enforcement, logout invalidation, and client-side storage risks.

Dependency Matrix

Required Modules

None required

Components

references

💻 Claude Code Installation

Recommended: Let Claude install automatically. Simply copy and paste the text below to Claude Code.

Please help me install this Skill:
Name: security-review-owasp-session-management
Download link: https://github.com/sjinks/ai-owasp-skillset/archive/main.zip#security-review-owasp-session-management

Please download this .zip file, extract it, and install it in the .claude/skills/ directory.
View Source Repository

Agent Skills Search Helper

Install a tiny helper to your Agent, search and equip skill from 537,000+ vetted skills library on demand.