Failure To Invalidate Session


Description

The application fails to invalidate user sessions after logout. Although the user logs out of the application, the session ID remains valid on the server. User sessions therefore remain valid longer than necessary, leaving them open to attacks.
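The flaw and its fix as an added example, not code from the original page: a constructed in-memory session store with a logout handler that only expires the client cookie beside one that also removes the server-side record. The store, the handler names and the `Set-Cookie` header value are assumptions for illustration.

```python
import secrets
import time

# Constructed in-memory session store (hypothetical, not the page's application).
# Maps session ID -> session record held on the server.
SESSIONS = {}


def login(user):
    """Create a server-side session and return its ID (sent to the client as a cookie)."""
    sid = secrets.token_urlsafe(32)
    SESSIONS[sid] = {"user": user, "created": time.time()}
    return sid


def is_valid(sid):
    """The check the server performs on every request: is this session ID still known?"""
    return sid in SESSIONS


def logout_vulnerable(sid):
    """Vulnerable logout: only instructs the browser to drop its cookie.
    The server-side record is untouched, so the old ID is still accepted."""
    return {"Set-Cookie": "session=; Max-Age=0"}


def logout_fixed(sid):
    """Fixed logout: remove the server-side record first, then expire the cookie.
    Any later request presenting the old ID is rejected by is_valid()."""
    SESSIONS.pop(sid, None)
    return {"Set-Cookie": "session=; Max-Age=0"}


def session_survives_logout(logout_handler):
    """Log in, log out through the given handler, and report whether the old
    session ID is still accepted by the server (True means the finding is present)."""
    sid = login("alice")
    logout_handler(sid)
    return is_valid(sid)


if __name__ == "__main__":
    print("vulnerable logout leaves session valid:", session_survives_logout(logout_vulnerable))  # True
    print("fixed logout leaves session valid:", session_survives_logout(logout_fixed))  # False
```

The same check, replaying a session ID after logout and seeing whether the server still honours it, is what a tester performs against the real application.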

Custom Description

Impact

Risk Rating

Remediation

How To Test

Sample Report Screenshots

Time Saving Tips

Testing Gotchas

References
