3.12 Session cookies have appropriately restricted paths

Verify that session ids stored in cookies have their path set to an appropriately restrictive value for the application, and authentication session tokens additionally set the “HttpOnly” and “secure” attributes

Levels: 1, 2, 3