According to OWASP, we should have a session timeout so someone cannot come behind another user on a public computer and use their session if they don't log out.
a) Create timeout
b) Does logging out delete the session ID? If not, we should do that too.
WHO: Sylvia
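
A sketch of both items, added here as an example and not taken from this project's code: a server-side session table that expires idle sessions (a) and deletes the session ID on logout (b). The `SessionStore` class, its method names and the 15-minute idle window are assumptions; the ticket does not specify a framework or a timeout value.

```python
import secrets
import time

IDLE_TIMEOUT_SECONDS = 15 * 60  # assumed value; the ticket does not specify one


class SessionStore:
    """Hypothetical server-side session table: idle timeout plus explicit logout."""

    def __init__(self, idle_timeout=IDLE_TIMEOUT_SECONDS, clock=time.monotonic):
        self._idle_timeout = idle_timeout
        self._clock = clock      # injectable so the timeout can be tested
        self._sessions = {}      # session ID -> {"user": ..., "last_seen": ...}

    def login(self, user):
        # Unguessable ID from the OS CSPRNG; state lives on the server only.
        session_id = secrets.token_urlsafe(32)
        self._sessions[session_id] = {"user": user, "last_seen": self._clock()}
        return session_id

    def authenticate(self, session_id):
        """Return the user for a live session, or None if unknown or expired."""
        record = self._sessions.get(session_id)
        if record is None:
            return None
        now = self._clock()
        if now - record["last_seen"] > self._idle_timeout:
            # (a) Timeout: delete the record so the ID cannot be revived later.
            del self._sessions[session_id]
            return None
        record["last_seen"] = now  # activity resets the idle timer
        return record["user"]

    def logout(self, session_id):
        """(b) Logout deletes the session ID; True if a session was removed."""
        return self._sessions.pop(session_id, None) is not None
```

The check runs on the server at every request, so clearing the cookie in the browser is not what ends the session; the ID stops working because its record is gone.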