
Discard user session data

Summary

When a session is terminated, either manually or automatically, the system must discard all related data and the session tokens must lose their validity.

Description

Session tokens have associated permissions that allow any actor who possesses them to perform actions in a system. If session tokens are not removed from the client-side storage nor from the server, it increases the chances that they will be compromised. Furthermore, if they are not invalidated once a session is closed, the time during which a compromised session can be used maliciously is increased.
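As an added example (not code from the Fluid Attacks page), a minimal server-side session store in Python that meets this requirement: manual termination (logout) and automatic termination (idle timeout) both delete the session's data and stop the token from validating, so a copy still held by a client is useless; the logout response also tells the browser to drop the cookie. The idle timeout value and the cookie name `session` are assumptions.

```python
import secrets
import time

# Added example, not Fluid Attacks' code. Idle timeout is an assumed value.
IDLE_TIMEOUT = 900  # seconds of inactivity before automatic termination


class SessionStore:
    def __init__(self, now=time.time):
        self._now = now        # injectable clock so expiry can be tested
        self._sessions = {}    # token -> {"user", "data", "last_seen"}

    def create(self, user, data=None):
        # Unguessable random token used as the session identifier.
        token = secrets.token_urlsafe(32)
        self._sessions[token] = {
            "user": user, "data": dict(data or {}), "last_seen": self._now()}
        return token

    def validate(self, token):
        """Return the session for a valid token, else None. An idle session is
        discarded at lookup time: the automatic termination path."""
        session = self._sessions.get(token)
        if session is None:
            return None
        if self._now() - session["last_seen"] > IDLE_TIMEOUT:
            self.terminate(token)
            return None
        session["last_seen"] = self._now()   # activity extends the session
        return session

    def terminate(self, token):
        """Manual termination (logout): drop all server-side state for the
        token. pop() makes a repeated or unknown-token call harmless."""
        self._sessions.pop(token, None)

    def logout_headers(self, token):
        """Terminate server-side and return the response header that makes
        the browser delete the cookie, removing the token from the client."""
        self.terminate(token)
        cookie = "session=; Max-Age=0; Path=/; HttpOnly; Secure; SameSite=Strict"
        return {"Set-Cookie": cookie}

    def count(self):
        """Number of live sessions; zero once everything is discarded."""
        return len(self._sessions)
```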

Supported In

This requirement is verified in the following services:

| Plan    | Supported |
|---------|-----------|
| Machine | 🔴        |
| Squad   | 🟢        |

References

Vulnerabilities
