Description

Session timeouts are a protection mechanism for users who leave their computer unattended, or who walk away from a shared computer without logging out of an application.
After the timeout period, the user has to log in again. This is similar to a password-protected screen saver that starts after a number of minutes of inactivity on a computer.
A session timeout is an important security control for any application. It specifies how long an application allows an idle user to remain logged in before forcing that user to re-authenticate.

See how to fix it!

Risk
This can affect the following:

  • Authentication
  • Authorization
  • Session hijacking

How to set Session Timeout

Set Session Timeout in Java
Set Session Timeout in ASP.NET
Set Session Timeout in Apache
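Whichever platform you configure, the control works the same way: each request checks how long the session has been idle (and, ideally, how old it is in total) and forces re-authentication once a limit is passed. The following is an added illustration of that logic, not code from this page or from any of the platforms listed above; the `SessionStore` class, the timeout values and the injectable `clock` are assumptions for the example.

```python
from dataclasses import dataclass
import secrets
import time

IDLE_TIMEOUT = 15 * 60        # seconds of inactivity before re-authentication (assumed value)
ABSOLUTE_TIMEOUT = 8 * 3600   # hard cap on session lifetime, regardless of activity (assumed value)


@dataclass
class Session:
    user: str
    created_at: float   # when the user authenticated
    last_seen: float    # last request that used this session


class SessionStore:
    """In-memory session table enforcing an idle timeout and an absolute timeout.

    Assumed design for this example; real applications use the container's
    session management (servlet container, ASP.NET, Apache modules) instead.
    """

    def __init__(self, idle=IDLE_TIMEOUT, absolute=ABSOLUTE_TIMEOUT, clock=time.time):
        self.idle = idle
        self.absolute = absolute
        self.clock = clock        # injectable clock so expiry can be tested deterministically
        self._sessions = {}

    def create(self, user):
        """Issue a new, unpredictable session identifier after successful login."""
        now = self.clock()
        sid = secrets.token_urlsafe(32)
        self._sessions[sid] = Session(user, now, now)
        return sid

    def touch(self, sid):
        """Validate a session on every request.

        Returns the user name, or None when the session is unknown or expired.
        Expired entries are deleted so a stale identifier cannot be revived.
        """
        s = self._sessions.get(sid)
        if s is None:
            return None
        now = self.clock()
        if now - s.last_seen > self.idle or now - s.created_at > self.absolute:
            del self._sessions[sid]   # force the user to log in again
            return None
        s.last_seen = now             # activity resets the idle clock, never the absolute one
        return s.user

    def logout(self, sid):
        """Explicit logout invalidates the session server-side immediately."""
        self._sessions.pop(sid, None)
```

Note that activity only extends the idle window; the absolute limit still ends the session, which bounds the usefulness of a hijacked identifier even on a busy session.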

Reference

https://www.owasp.org/index.php/Broken_Authentication_and_Session_Manage…
