FOLLOW FLUID ATTACKS
The session token does not expire when the user terminates the session and can be used to post requests afterwards.
R030. Avoid object reutilization
R031. Discard user session data
R141. Force re-authentication
Copyright © 2021 Fluid Attacks, We hack your software. All rights reserved.