| CWE-233 | Improper Handling of Parameters |
| CWE-285 | Improper Authorization |
| CWE-302 | Authentication Bypass by Assumed-Immutable Data |
| CWE-315 | Cleartext Storage of Sensitive Information in a Cookie |
| CWE-353 | Missing Support for Integrity Check |
| CWE-384 | Session Fixation |
| CWE-472 | External Control of Assumed-Immutable Web Parameter |
| CWE-539 | Use of Persistent Cookies Containing Sensitive Information |
| CWE-565 | Reliance on Cookies without Validation and Integrity Checking |
