This skill enables Claude to check session security implementations within a codebase. It analyzes session management practices to identify potential vulnerabilities. Use this skill when a user requests to "check session security", "audit session handling", "review session implementation", or asks about "session security best practices" in their code. It helps identify issues like insecure session IDs, lack of proper session expiration, or insufficient protection against session fixation attacks. This skill leverages the session-security-checker plugin.
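The three weaknesses named above (predictable session IDs, missing expiration, session fixation) are easiest to see in running code. The following is an added example, not code from the session-security-checker skill or from any project it audits: a minimal in-memory session store with the vulnerable and hardened behaviour side by side. The timeout values, the class and function names, and the 32-bit PRNG "weak" generator are illustrative assumptions.

```python
"""Added example (not the skill's own code): in-memory session store showing
predictable IDs, server-side expiration and session fixation, with the
hardened behaviour selectable per instance."""
import random
import secrets
import time

IDLE_TIMEOUT = 15 * 60        # assumed idle timeout: 15 minutes
ABSOLUTE_TIMEOUT = 8 * 3600   # assumed absolute lifetime: 8 hours


def weak_session_id(seed):
    """Vulnerable: 32 bits from a non-cryptographic PRNG seeded with something
    guessable (a timestamp, a counter). Same seed, same ID, every time."""
    return "%08x" % random.Random(seed).getrandbits(32)


def strong_session_id():
    """Hardened: 256 bits from the OS CSPRNG, 43 URL-safe characters."""
    return secrets.token_urlsafe(32)


class SessionStore:
    def __init__(self, regenerate_on_login=True, expire=True, now=time.time):
        self._sessions = {}
        self.regenerate_on_login = regenerate_on_login
        self.expire = expire
        self._now = now            # injectable clock so expiry can be exercised

    def create(self):
        """Anonymous (pre-authentication) session."""
        sid = strong_session_id()
        t = self._now()
        self._sessions[sid] = {"user": None, "created": t, "last_seen": t}
        return sid

    def login(self, sid, user):
        """Bind a user to the session. The hardened path discards the
        pre-authentication ID and issues a fresh one, so an ID an attacker
        planted in the victim's browser never becomes an authenticated one."""
        data = self._sessions.pop(sid)
        data["user"] = user
        new_sid = strong_session_id() if self.regenerate_on_login else sid
        self._sessions[new_sid] = data
        return new_sid

    def get(self, sid):
        """Return session data, or None if the ID is unknown or expired."""
        data = self._sessions.get(sid)
        if data is None:
            return None
        now = self._now()
        if self.expire and (now - data["last_seen"] > IDLE_TIMEOUT
                            or now - data["created"] > ABSOLUTE_TIMEOUT):
            del self._sessions[sid]    # enforced server-side, not only via cookie max-age
            return None
        data["last_seen"] = now
        return data


def fixation_succeeds(store):
    """Session fixation: the attacker obtains a pre-auth ID, gets the victim to
    authenticate while carrying it, then presents the same ID."""
    planted = store.create()
    store.login(planted, "victim")
    data = store.get(planted)
    return data is not None and data["user"] == "victim"


if __name__ == "__main__":
    print("fixation, no regeneration:", fixation_succeeds(SessionStore(regenerate_on_login=False)))
    print("fixation, with regeneration:", fixation_succeeds(SessionStore()))
    print("weak id for seed 1700000000:", weak_session_id(1700000000))
```

With `regenerate_on_login=False` the planted ID is upgraded to an authenticated session and the attacker reads it back; with regeneration the planted ID is dead after login. The expiry check lives in `get()` so a client that ignores cookie `Max-Age` still loses the session.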
Score: 90
Does it follow best practices? 53%
Impact: 97% (1.02x average score across 9 eval scenarios)
Status: Passed, no known issues
Eval scenarios (each check lists the two scores reported for it):

Scenario: Session fixation detection

| Check | Scores |
|---|---|
| Session fixation identified | 100% / 100% |
| Regeneration recommendation | 100% / 100% |
| Weak secret key flagged | 100% / 100% |
| Secure session ID recommended | 100% / 100% |
| Missing session expiration | 100% / 100% |
| Expiration remediation | 100% / 100% |
| Input validation missing | 50% / 0% |
| Session hijacking risk linked | 100% / 100% |
| Report has vulnerability listing | 100% / 100% |
| Report has remediation steps | 100% / 100% |

Scenario: Session expiration analysis

| Check | Scores |
|---|---|
| Missing session timeout | 100% / 100% |
| Specific timeout value suggested | 100% / 100% |
| Unauthorized access risk stated | 100% / 100% |
| httpOnly flag missing | 100% / 100% |
| Secure cookie flag missing | 100% / 100% |
| Session fixation risk noted | 100% / 100% |
| Weak secret key flagged | 100% / 100% |
| Input validation absent | 0% / 0% |
| Report has vulnerability listing | 100% / 100% |
| Remediation steps provided | 100% / 100% |

Scenario: Comprehensive session security audit

| Check | Scores |
|---|---|
| Weak session ID algorithm | 100% / 100% |
| Predictable token inputs | 100% / 100% |
| Strong random session ID recommended | 100% / 100% |
| Input validation issue identified | 100% / 100% |
| Session hijacking risk stated | 100% / 100% |
| Missing session expiration | 100% / 100% |
| Session fixation noted | 100% / 100% |
| Report enumerates all vulnerabilities | 100% / 100% |
| Per-vulnerability remediation | 100% / 100% |

Scenario: PHP session security audit

| Check | Scores |
|---|---|
| Session fixation identified | 100% / 100% |
| Regeneration recommendation | 100% / 100% |
| httpOnly flag missing | 100% / 100% |
| Secure flag missing | 100% / 100% |
| SameSite attribute insecure | 100% / 100% |
| Missing session expiration | 0% / 100% |
| Input validation absent | 100% / 100% |
| Session hijacking risk linked | 100% / 100% |
| Report has vulnerability listing | 100% / 100% |
| Per-vulnerability remediation | 100% / 100% |

Scenario: Multi-file codebase session analysis

| Check | Scores |
|---|---|
| Multi-file analysis | 100% / 100% |
| Weak secret key flagged | 100% / 100% |
| httpOnly flag missing | 100% / 100% |
| Secure flag missing | 100% / 100% |
| Missing session expiration | 100% / 100% |
| Session fixation identified | 100% / 100% |
| Input validation absent | 100% / 100% |
| Expiration recommendation specific | 100% / 100% |
| Report has vulnerability listing | 100% / 100% |
| Per-vulnerability remediation | 100% / 100% |

Scenario: Django session security review

| Check | Scores |
|---|---|
| COOKIE_SECURE flag | 100% / 100% |
| COOKIE_HTTPONLY flag | 100% / 100% |
| COOKIE_SAMESITE setting | 100% / 100% |
| Missing session timeout | 100% / 100% |
| Specific timeout recommended | 100% / 100% |
| Session fixation or cycle missing | 100% / 100% |
| Input validation absent | 100% / 70% |
| Session hijacking risk stated | 100% / 100% |
| Report has vulnerability listing | 100% / 100% |
| Per-vulnerability remediation | 100% / 100% |

Scenario: Session ID strength analysis

| Check | Scores |
|---|---|
| Identifies Math.random usage | 100% / 100% |
| Identifies sequential/predictable IDs | 100% / 100% |
| Recommends crypto RNG | 100% / 100% |
| Identifies insufficient ID length | 100% / 70% |
| Report includes remediation steps | 100% / 100% |
| Session fixation check | 0% / 87% |
| Session expiration check | 100% / 100% |
| Input validation check | 100% / 100% |
| Secure cookie flags | 100% / 100% |
| Structured report format | 100% / 100% |

Scenario: Input validation for session hijacking

| Check | Scores |
|---|---|
| Identifies unvalidated session input | 100% / 100% |
| Identifies session token in URL | 100% / 100% |
| Remediation for input validation | 100% / 100% |
| Session fixation finding | 100% / 100% |
| Session expiration finding | 100% / 100% |
| Secure session ID recommendation | 70% / 70% |
| Cookie security flags | 50% / 100% |
| Identifies privilege escalation risk | 100% / 100% |
| Report structure | 100% / 100% |
| Actionable remediation detail | 100% / 100% |

Scenario: Session security report with remediation

| Check | Scores |
|---|---|
| Identifies custom session ID generation | 100% / 100% |
| Flags non-cryptographic randomness | 100% / 100% |
| Recommends SecureRandom or container sessions | 100% / 100% |
| Identifies missing session expiration | 100% / 100% |
| Remediation for expiration | 100% / 100% |
| Identifies session fixation | 100% / 100% |
| Remediation for session fixation | 100% / 100% |
| Covers all three vulnerability categories | 100% / 100% |
| Input validation coverage | 100% / 100% |
| Report structure with findings and remediation | 100% / 100% |
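The checks in the scenarios above (weak RNG for session IDs, short hard-coded secrets, missing httpOnly/Secure/SameSite, no expiration, no ID regeneration on login, session tokens in URLs) can be approximated mechanically. The following is an added example, not the session-security-checker skill's own logic: a pattern-based audit over a constructed three-file codebase (Express, PHP, Django settings) that produces a numbered vulnerability listing with one remediation per finding. The rule set, the sample files and the trigger heuristics are illustrative assumptions, and the regexes are deliberately simple rather than parser-grade.

```python
"""Added example (not the skill's own code): regex-based session security
audit over {path: source} producing findings with remediation text."""
import re
from collections import namedtuple

Finding = namedtuple("Finding", "path title remediation")

# A file is audited only if it matches its language's "uses sessions" trigger.
TRIGGERS = {"js": r"session\(", "php": r"session_start\(", "py": r"SESSION_|django"}

# (mode, pattern, title, remediation). "present": the match is the weakness.
# "absent": the weakness is that nothing in the file matches.
RULES = {
    "js": [  # express-session style configuration
        ("present", r"Math\.random\(\)", "Session ID derived from Math.random()",
         "Use crypto.randomBytes(32) or let express-session generate the ID."),
        ("present", r"secret:\s*['\"][^'\"]{0,15}['\"]", "Short hard-coded session secret",
         "Load a random secret of at least 32 bytes from the environment."),
        ("absent", r"httpOnly:\s*true", "httpOnly flag missing",
         "Set cookie.httpOnly = true so page scripts cannot read the cookie."),
        ("absent", r"secure:\s*true", "Secure flag missing",
         "Set cookie.secure = true so the cookie is sent only over HTTPS."),
        ("absent", r"sameSite:\s*['\"](lax|strict)['\"]", "SameSite not Lax/Strict",
         "Set cookie.sameSite = 'lax' to limit cross-site requests."),
        ("absent", r"maxAge:\s*\d+", "No session expiration",
         "Set cookie.maxAge (e.g. 900000 ms) and enforce an idle timeout server-side."),
        ("absent", r"\.regenerate\(", "No ID regeneration on login (fixation)",
         "Call req.session.regenerate() after successful authentication."),
    ],
    "php": [
        ("absent", r"session_regenerate_id\(", "No session_regenerate_id() (fixation)",
         "Call session_regenerate_id(true) right after authenticating."),
        ("absent", r"cookie_httponly", "httpOnly flag missing",
         "Pass 'cookie_httponly' => true to session_start()."),
        ("absent", r"cookie_secure", "Secure flag missing",
         "Pass 'cookie_secure' => true to session_start()."),
        ("absent", r"cookie_samesite", "SameSite attribute missing",
         "Pass 'cookie_samesite' => 'Lax' to session_start()."),
        ("absent", r"gc_maxlifetime|cookie_lifetime", "No session expiration",
         "Set gc_maxlifetime and cookie_lifetime to a short bound such as 900."),
    ],
    "py": [  # Django settings; Django's defaults decide present vs. absent here
        ("absent", r"SESSION_COOKIE_SECURE\s*=\s*True", "SESSION_COOKIE_SECURE not True",
         "Set SESSION_COOKIE_SECURE = True (Django defaults it to False)."),
        ("present", r"SESSION_COOKIE_HTTPONLY\s*=\s*False", "SESSION_COOKIE_HTTPONLY disabled",
         "Remove the override; the default is True."),
        ("present", r"SESSION_COOKIE_SAMESITE\s*=\s*(None|['\"]None['\"])",
         "SESSION_COOKIE_SAMESITE disabled",
         "Set SESSION_COOKIE_SAMESITE = 'Lax' (the default) or 'Strict'."),
        ("absent", r"SESSION_COOKIE_AGE\s*=\s*\d+", "No explicit session timeout",
         "Set SESSION_COOKIE_AGE (default is two weeks) to a short value such as 900."),
    ],
}
# Language-independent: a token in a query string leaks through logs and Referer.
URL_TOKEN = r"[?&](sessionid|session_id|PHPSESSID|sid)="


def audit(files):
    """files: {path: source text}. Returns Findings in file order."""
    findings = []
    for path, src in files.items():
        if re.search(URL_TOKEN, src):
            findings.append(Finding(path, "Session token carried in URL",
                                    "Send the session ID only in a cookie, never in a query string."))
        lang = path.rsplit(".", 1)[-1]
        if lang not in RULES or not re.search(TRIGGERS[lang], src):
            continue
        for mode, pattern, title, fix in RULES[lang]:
            hit = re.search(pattern, src) is not None
            if (mode == "present") == hit:   # present+hit, or absent+miss
                findings.append(Finding(path, title, fix))
    return findings


def render(findings):
    """Structured report: numbered vulnerability list, one remediation each."""
    lines = ["%d session security finding(s)" % len(findings)]
    for n, f in enumerate(findings, 1):
        lines.append("%d. [%s] %s\n   Remediation: %s" % (n, f.path, f.title, f.remediation))
    return "\n".join(lines)


# Constructed sample codebase (not real project files).
SAMPLE_FILES = {
    "app.js": "const session = require('express-session');\n"
              "function makeId() { return Math.random().toString(36).slice(2); }\n"
              "app.use(session({ secret: 'keyboard cat', genid: makeId, cookie: { secure: true } }));\n",
    "login.php": "<?php\nsession_start();\n"
                 "if (check_password($_POST['user'], $_POST['pass'])) { $_SESSION['uid'] = $uid; }\n"
                 "header('Location: /home?PHPSESSID=' . session_id());\n",
    "settings.py": "SESSION_ENGINE = 'django.contrib.sessions.backends.db'\n"
                   "SESSION_COOKIE_SECURE = True\nSESSION_COOKIE_HTTPONLY = False\n"
                   "SESSION_COOKIE_SAMESITE = None\n",
}

if __name__ == "__main__":
    print(render(audit(SAMPLE_FILES)))
```

The "absent" rules are the ones that need the trigger: a file that never touches sessions should not be reported for lacking `maxAge`. Regex matching cannot tell that a `regenerate()` call actually runs on the login path, so a hit from this script is a lead for the reviewer, not a verdict.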
13d35b8