When a session is terminated, either manually or automatically,
the system must discard all related data and the session tokens must lose their
Session tokens have associated permissions that allow any actor who possesses
them to perform actions in a system.
If session tokens are not removed from the client-side storage nor from the
it increases the chances that they will be compromised.
Furthermore, if they are not invalidated once a session is closed,
the time during which a compromised session can be used maliciously is