info Session Management Response Identified
Details
| Severity | info |
|---|---|
| Status | Open |
| Engine | zap |
| Target URL | https://easm.liifecore.com/login |
| First Seen | 2026-07-14 03:00:20 UTC |
| Last Seen | 2026-07-14 03:00:20 UTC |
Description
The given response has been identified as containing a session management token. The 'Other Info' field contains a set of header tokens that can be used in the Header Based Session Management Method. If the request is in a context which has a Session Management Method set to "Auto-Detect" then this rule will change the session management to use the tokens identified.
Evidence
easm_session
Raw Output
{
"alert": "Session Management Response Identified",
"alertRef": "10112",
"attack": "",
"confidence": "Medium",
"cweid": "-1",
"description": "The given response has been identified as containing a session management token. The \u0027Other Info\u0027 field contains a set of header tokens that can be used in the Header Based Session Management Method. If the request is in a context which has a Session Management Method set to \"Auto-Detect\" then this rule will change the session management to use the tokens identified.",
"evidence": "easm_session",
"id": "1",
"inputVector": "",
"messageId": "549",
"method": "POST",
"name": "Session Management Response Identified",
"other": "cookie:easm_session",
"param": "easm_session",
"pluginId": "10112",
"reference": "https://www.zaproxy.org/docs/desktop/addons/authentication-helper/session-mgmt-id/",
"risk": "Informational",
"solution": "This is an informational alert rather than a vulnerability and so there is nothing to fix.",
"sourceMessageId": 549,
"sourceid": "3",
"tags": {},
"url": "https://easm.liifecore.com/login",
"wascid": "-1"
}