FOLLOW FLUID ATTACKS
The session token does not expire when the user terminates the session and can
be used to post requests afterwards.
R030. Avoid object reutilization
R031. Discard user session data
R141. Force re-authentication
Start with Fluid Attacks
We are a proud corporate member of the OWASP Foundation
Copyright © 2020 Fluid Attacks, We hack your software. All rights reserved.