Jira Align Security Deficiency no. 21: correct weak session management


      Web application lacks a strong and consistent session ID management framework:
      d) numerical incremental session IDs are used  
      f) 3. session IDs do not expire when the browser's window is closed
      Weak session management may allow an attacker to monitor, hijack or replay a session to gain access to the web application. The solution may not meet Vodafone Standards. This could lead to service disruption and unauthorised change or disclosure of information.

      Web application must have a strong and consistent session ID management framework.

            Assignee:
            Jake Comito
            Reporter:
            backbone-sync-bot
            Votes:
            1
            Watchers:
            0

              Created:
              Updated:
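
The two findings in the description (d: numerical incremental session IDs, f: IDs that outlive the browser window) can be checked and corrected as sketched below. This is an added example, not part of the ticket and not Jira Align code; `SessionStore`, `looks_incremental`, the cookie name `sid` and the 15-minute idle limit are assumptions made for illustration.

```python
import secrets
import time

IDLE_TIMEOUT = 15 * 60  # assumed idle limit in seconds; the ticket names no value


def looks_incremental(ids):
    """Finding d): True if the sampled IDs are numeric and each is previous + 1."""
    if len(ids) < 2 or not all(i.isascii() and i.isdigit() for i in ids):
        return False
    nums = [int(i) for i in ids]
    return all(b - a == 1 for a, b in zip(nums, nums[1:]))


class SessionStore:
    """Hypothetical in-memory session store (illustrative names)."""

    def __init__(self, clock=time.monotonic):
        self._clock = clock
        self._sessions = {}  # session ID -> (user, last_seen)

    def create(self, user):
        sid = secrets.token_urlsafe(32)  # 256 bits from the OS CSPRNG
        self._sessions[sid] = (user, self._clock())
        return sid

    def set_cookie_header(self, sid):
        # Finding f): no Expires/Max-Age, so the browser treats this as a
        # session cookie and discards it when the browser session ends.
        return f"Set-Cookie: sid={sid}; Path=/; Secure; HttpOnly; SameSite=Lax"

    def lookup(self, sid):
        entry = self._sessions.get(sid)
        if entry is None:
            return None
        user, last_seen = entry
        now = self._clock()
        if now - last_seen > IDLE_TIMEOUT:
            # Server-side expiry: browsers that restore sessions on restart
            # may keep session cookies, so the server must not rely on them.
            del self._sessions[sid]
            return None
        self._sessions[sid] = (user, now)
        return user

    def destroy(self, sid):
        self._sessions.pop(sid, None)  # call on logout
```
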