Hi @PSanetra,
Welcome to our community and thanks for the rule suggestion!
In order to better understand the problem, could you please create a rule description similar to C# static code analysis: HTTP responses should not be vulnerable to session fixation or any other rule?
Having a rule description together with compliant and non-compliant examples, and maybe documentation links will help us a lot.