Thanks for the reply Laurenz. Of course the first thing that I thought of to prevent man-in-the-middle was SSL. However, I also like to try to address the issue in a way that seems to get at what they are intending. It seemed to me that they wanted to do some configuration within the database related to session IDs.
Regarding what is meant by "security configuration", I couldn't say for sure. These guides are very much open to interpretation. In any case your answers are helpful. Thanks again!