F076. Insecure session management

Description

The session token does not expire when the user terminates the session and can be used to post requests afterwards.

Rules

  1. R030. Avoid object reutilization

  2. R031. Discard user session data

  3. R141. Force re-authentication

OWASP logo

Corporate member of The OWASP Foundation

Clutch Review

Copyright © 2021 Fluid Attacks, We hack your software. All rights reserved.

Service status - Terms of Use - Privacy Policy - Cookie Policy