F076. Insecure session management

Description

The session token does not expire when the user terminates the session and can be used to post requests afterwards.

Rules

  1. R030. Avoid object reutilization

  2. R031. Discard user session data

  3. R141. Force re-authentication

Fluid Attacks logo Start with Fluid Attacks

Fluid Attacks logo Contact us

OWASP logo

We are a proud corporate member of the OWASP Foundation

Contact Us

Number is valid Number is not valid
Please select an option

Clutch Review

Copyright © 2020 Fluid Attacks, We hack your software. All rights reserved.

Service status - Terms of Use - Privacy Policy - Cookie Policy