← Back to Findings

info Session Management Response Identified

Details

Severityinfo
StatusOpen
Enginezap
Target URLhttps://easm.liifecore.com/login
First Seen2026-07-14 03:00:20 UTC
Last Seen2026-07-14 03:00:20 UTC

Description

The given response has been identified as containing a session management token. The 'Other Info' field contains a set of header tokens that can be used in the Header Based Session Management Method. If the request is in a context which has a Session Management Method set to "Auto-Detect" then this rule will change the session management to use the tokens identified.

Evidence

easm_session

Raw Output

{
  "alert": "Session Management Response Identified",
  "alertRef": "10112",
  "attack": "",
  "confidence": "Medium",
  "cweid": "-1",
  "description": "The given response has been identified as containing a session management token. The \u0027Other Info\u0027 field contains a set of header tokens that can be used in the Header Based Session Management Method. If the request is in a context which has a Session Management Method set to \"Auto-Detect\" then this rule will change the session management to use the tokens identified.",
  "evidence": "easm_session",
  "id": "1",
  "inputVector": "",
  "messageId": "549",
  "method": "POST",
  "name": "Session Management Response Identified",
  "other": "cookie:easm_session",
  "param": "easm_session",
  "pluginId": "10112",
  "reference": "https://www.zaproxy.org/docs/desktop/addons/authentication-helper/session-mgmt-id/",
  "risk": "Informational",
  "solution": "This is an informational alert rather than a vulnerability and so there is nothing to fix.",
  "sourceMessageId": 549,
  "sourceid": "3",
  "tags": {},
  "url": "https://easm.liifecore.com/login",
  "wascid": "-1"
}

Update Status