FOLLOW FLUID ATTACKS
The session token does not expire when the user terminates the session and can
be used to post requests afterwards.
R030. Avoid object reutilization
R031. Discard user session data
R141. Force re-authentication
Corporate member of The OWASP Foundation
Copyright © 2021 Fluid Attacks, We hack your software. All rights reserved.