analyzing-session-management

Detects session management vulnerabilities including session fixation, session hijacking, and insecure cookie handling. Use when analyzing authentication sessions, cookie security, or investigating session-related vulnerabilities.

16 stars

Best use case

analyzing-session-management is best used when you need a repeatable AI agent workflow instead of a one-off prompt.


Teams using analyzing-session-management should expect more consistent output, faster repeated execution, and less prompt rewriting.

When to use this skill

  • You want a reusable workflow that can be run more than once with consistent structure.

When not to use this skill

  • You only need a quick one-off answer and do not need a reusable workflow.
  • You cannot install or maintain the underlying files, dependencies, or repository context.

Installation

Claude Code / Cursor / Codex

$ curl -o ~/.claude/skills/analyzing-session-management/SKILL.md --create-dirs "https://raw.githubusercontent.com/diegosouzapw/awesome-omni-skill/main/skills/testing-security/analyzing-session-management/SKILL.md"

Manual Installation

  1. Download SKILL.md from GitHub
  2. Place it in .claude/skills/analyzing-session-management/SKILL.md inside your project
  3. Restart your AI agent — it will auto-discover the skill

How analyzing-session-management Compares

Feature / Agent            analyzing-session-management   Standard Approach
Platform Support           Not specified                  Limited / Varies
Context Awareness          High                           Baseline
Installation Complexity    Unknown                        N/A

Frequently Asked Questions

What does this skill do?

Detects session management vulnerabilities including session fixation, session hijacking, and insecure cookie handling. Use when analyzing authentication sessions, cookie security, or investigating session-related vulnerabilities.

Where can I find the source code?

You can find the source code on GitHub using the link provided at the top of the page.

SKILL.md Source

# Session Management Detection

## Detection Workflow

1. **Identify session operations**: Find session creation code, locate session validation checks, identify session destruction, map session lifecycle
2. **Analyze session ID generation**: Review session ID generation algorithm, check randomness and entropy, assess predictability, test for collision resistance
3. **Check transmission security**: Verify SSL/TLS usage, check for session ID in URLs, assess cookie security flags, review transmission methods
4. **Assess session lifecycle**: Verify session expiration, check logout behavior, assess session invalidation, review concurrent session handling

## Key Patterns

- Session fixation: predictable session IDs, session IDs not regenerated after login, accepting attacker-provided session IDs, weak session ID generation
- Session hijacking: session IDs exposed in URLs, session IDs transmitted insecurely, missing SSL/TLS, weak session ID entropy
- Session timeout issues: missing session expiration, excessive session timeout, no session invalidation on logout, persistent sessions across devices
- Cookie security: missing HttpOnly flag, missing Secure flag, cookie accessible via JavaScript, cookie path/domain misconfiguration
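The following script is an added illustration of three of the patterns above (cookie security flags, session-ID entropy and predictability, and session IDs carried in URLs); it is not one of the skill's own files and the cookie headers, session IDs and URLs it checks are constructed samples. The entropy figure is a screening heuristic (Shannon entropy of the observed character distribution times the ID length), the 64-bit minimum follows the common OWASP guidance, and the 30-day lifetime threshold is an assumed policy value.

```python
"""Added illustration of the cookie-security, session-ID-entropy and
session-ID-in-URL patterns. Constructed sample input; this is not one of the
skill's own files (patterns.md / examples.md)."""
import math
from collections import Counter
from urllib.parse import parse_qs, urlsplit

# Parameter-name fragments that usually carry a session identifier (heuristic).
SESSION_NAME_HINTS = ("sess", "sid", "token")
MAX_REASONABLE_LIFETIME = 30 * 24 * 3600   # seconds; assumed policy threshold
MIN_SESSION_ID_BITS = 64                   # commonly cited minimum for session IDs


def parse_set_cookie(header):
    """Split one Set-Cookie header value into (name, value, attributes).
    Attribute names are lower-cased; valueless flags map to True."""
    parts = [p.strip() for p in header.split(";")]
    name, _, value = parts[0].partition("=")
    attrs = {}
    for part in parts[1:]:
        key, _, val = part.partition("=")
        attrs[key.strip().lower()] = val.strip() or True
    return name.strip(), value.strip(), attrs


def audit_cookie(header):
    """Return a list of finding strings for a session cookie (empty == clean)."""
    _, _, attrs = parse_set_cookie(header)
    findings = []
    if "httponly" not in attrs:
        findings.append("missing HttpOnly: value readable from page script")
    if "secure" not in attrs:
        findings.append("missing Secure: may be sent over plaintext HTTP")
    if "samesite" not in attrs:
        findings.append("missing SameSite: no cookie-level CSRF mitigation")
    elif str(attrs["samesite"]).lower() == "none" and "secure" not in attrs:
        findings.append("SameSite=None without Secure is rejected by browsers")
    if "domain" in attrs:
        findings.append(f"Domain={attrs['domain']}: cookie shared with all subdomains")
    try:
        if int(attrs.get("max-age", 0)) > MAX_REASONABLE_LIFETIME:
            findings.append("Max-Age exceeds 30 days: effectively persistent session")
    except ValueError:
        findings.append("Max-Age is not an integer")
    return findings


def estimate_session_id_bits(sample_ids):
    """Crude entropy estimate: Shannon entropy of the observed character
    distribution times the average ID length. It over-estimates for structured
    IDs, so treat it as a screen for obviously weak generators, not a proof."""
    joined = "".join(sample_ids)
    total = len(joined)
    per_char = -sum(c / total * math.log2(c / total) for c in Counter(joined).values())
    return per_char * (total / len(sample_ids))


def assess_session_ids(sample_ids):
    """Return (estimated_bits, findings) for a list of observed session IDs."""
    findings = []
    if all(s.isdigit() for s in sample_ids):
        nums = [int(s) for s in sample_ids]
        if all(b - a == 1 for a, b in zip(nums, nums[1:])):
            findings.append("sequential numeric IDs: trivially predictable")
    if len(set(sample_ids)) != len(sample_ids):
        findings.append("duplicate IDs in sample: generator collides")
    bits = estimate_session_id_bits(sample_ids)
    if bits < MIN_SESSION_ID_BITS:
        findings.append(f"estimated entropy {bits:.0f} bits is below {MIN_SESSION_ID_BITS}")
    return bits, findings


def session_id_in_url(url):
    """Names of query or path-matrix parameters (e.g. ;jsessionid=) that look
    like session identifiers; anything returned is a hijacking exposure."""
    parts = urlsplit(url)
    names = [seg.partition("=")[0] for seg in parts.path.split(";")[1:]]
    names += list(parse_qs(parts.query))
    return [n for n in names if any(h in n.lower() for h in SESSION_NAME_HINTS)]


# Constructed samples (not captured from any real application).
WEAK_COOKIE = "sessionid=abc123; Path=/; Domain=example.com; Max-Age=31536000"
GOOD_COOKIE = "__Host-session=9f3c7a1e; Path=/; Secure; HttpOnly; SameSite=Lax"
SEQUENTIAL_IDS = ["1001", "1002", "1003", "1004"]
RANDOM_HEX_IDS = [
    "3f9a1c7e5b2d8e4a6c0f1b9d7e3a5c2b",
    "a81e4d2f9c6b0357e2d4f6a8b0c1d3e5",
    "07c5e9b3d1f2a4680e8c6a4b2d0f1e3c",
    "e2b7d905c3a1f48d6b2e0c7a9f1d3b5e",
]

if __name__ == "__main__":
    for cookie in (WEAK_COOKIE, GOOD_COOKIE):
        print(cookie.split(";")[0], "->", audit_cookie(cookie) or "OK")
    for ids in (SEQUENTIAL_IDS, RANDOM_HEX_IDS):
        bits, notes = assess_session_ids(ids)
        print(f"{bits:.0f} bits estimated", notes or "OK")
    print(session_id_in_url("https://app.example/login;jsessionid=ABC?next=/home"))
```

Each finding maps onto the severity guidelines further down: a sequential or low-entropy ID is the HIGH hijacking case, a missing Secure or HttpOnly flag is a cookie-security issue, and an oversized Max-Age is the MEDIUM timeout case.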

## Output Format

Report with: id, type, subtype, severity, confidence, location, vulnerability, session_generation (method, predictability, entropy), attack_scenario, bypass_steps, exploitable, impact, mitigation.

## Severity Guidelines

- **CRITICAL**: Session fixation allowing account takeover
- **HIGH**: Session hijacking with weak session IDs
- **MEDIUM**: Excessive session timeout or missing logout
- **LOW**: Minor cookie security issues

## See Also

- `patterns.md` - Detailed detection patterns and exploitation scenarios
- `examples.md` - Example analysis cases and code samples
- `references.md` - CWE references and mitigation strategies

Related Skills

dependency-management-deps-audit

16
from diegosouzapw/awesome-omni-skill

You are a dependency security expert specializing in vulnerability scanning, license compliance, and supply chain security. Analyze project dependencies for known vulnerabilities, licensing issues,...

analyzing-test-quality

16
from diegosouzapw/awesome-omni-skill

Automatically activated when user asks about test quality, code coverage, test reliability, test maintainability, or wants to analyze their test suite. Provides framework-agnostic test quality analysis and improvement recommendations. Does NOT provide framework-specific patterns - use jest-testing or playwright-testing for those.

analyzing-test-effectiveness

16
from diegosouzapw/awesome-omni-skill

Use to audit test quality with Google Fellow SRE scrutiny - identifies tautological tests, coverage gaming, weak assertions, missing corner cases. Creates bd epic with tasks for improvements, then runs SRE task refinement on each.

analyzing-dependencies

16
from diegosouzapw/awesome-omni-skill

Analyze dependencies for known security vulnerabilities and outdated versions. Use when auditing third-party libraries. Trigger with 'check dependencies', 'scan for vulnerabilities', or 'audit packages'.

analyzing-crypto-weakness

16
from diegosouzapw/awesome-omni-skill

Identifies weak cryptographic algorithms, hardcoded keys, and insecure key management practices in binary code. Use when analyzing encryption/decryption, authentication mechanisms, or reviewing cryptographic implementations.

analyzing-backtests

16
from diegosouzapw/awesome-omni-skill

Analyzes algorithmic trading backtest results from Jupyter notebooks and generates summary reports. Use when the user wants to analyze or summarize backtest notebooks.

u07958-attention-management-architecture-for-eldercare-coordination

16
from diegosouzapw/awesome-omni-skill

Operate the "Attention Management Architecture for eldercare coordination" capability in production for eldercare coordination workflows. Use when mission execution explicitly requires this capability and outcomes must be reproducible, policy-gated, and handoff-ready.

u01859-handoff-contracting-for-product-management-execution

16
from diegosouzapw/awesome-omni-skill

Operate the "Handoff Contracting for product management execution" capability in production for product management execution workflows. Use when mission execution explicitly requires this capability and outcomes must be reproducible, policy-gated, and handoff-ready.

pmbok8-project-management

16
from diegosouzapw/awesome-omni-skill

Agent system for automatic generation of project management artifacts based on PMI's PMBOK 8. Use when project documentation needs to be created, such as Project Charters, WBS, Risk Registers, RACI Matrices, Product Backlogs, Schedules, Budgets and any other project management deliverable. Supports predictive, agile and hybrid approaches, adapting the artifacts to the project life cycle. NEW: Includes multi-provider support for Claude (narrative/analysis) and Gemini (structured/quantitative data).

epic-management

16
from diegosouzapw/awesome-omni-skill

Use for LARGE work requiring feature-level grouping. Creates epic tracking issues, manages related issues under a common label, tracks epic progress, and coordinates with milestones.

asset-management

16
from diegosouzapw/awesome-omni-skill

Complete asset management feature for Polkadot dApps using the Assets pallet. Use when user needs fungible token/asset functionality including creating custom tokens, minting tokens to accounts, transferring tokens between accounts, destroying tokens, viewing portfolios, or managing token metadata. Generates production-ready code (~2,200 lines across 15 files) with full lifecycle support (create→mint→transfer→destroy), real-time fee estimation, transaction tracking, and user-friendly error messages. Works with template infrastructure (WalletContext, ConnectionContext, TransactionContext, balance utilities, shared components). Load when user mentions assets, tokens, fungible tokens, token creation, minting, portfolio, or asset pallet.

analyzing-requirements

16
from diegosouzapw/awesome-omni-skill

Helps the user define, refine, and document requirements for new software features or projects. Use this when a user says "I want to build...", "I need a feature...", or "How should I implement...".