Checkpoint 1.9 - Mobile-PDA

Cookies are used in a web environment to support session management, to identify users and to store user preferences. Many mobile devices do not implement cookies or provide only an incomplete implementation. Some gateways can strip cookies from transmissions as well as simulate cookies on behalf of the mobile devices.

Requirement

No cookies are used for storage of data on the mobile device.

Recommendation

Session management and other uses of cookies can be simulated by adding name/value pairs containing relevant information to the URL. In doing so, the device's maximum length for such strings should be taken into account.

Checking Tool

Check the source code of the file producing the page for the mobile to ensure no code exists that creates cookies.