Session Timeout

Description

Session timeouts are a protection mechanism for users who leave their computer unattended, or who walk away from a shared computer without logging out of an application.
After the timeout period, the user has to log in again. This is similar to a password-protected screen saver that starts after a number of minutes of inactivity on a computer.
A session timeout is an important security control for any application. It specifies how long an application will allow an idle user to remain logged in before forcing the user to re-authenticate.


Risk
A missing or overly long session timeout can affect the following areas:

  • Authentication
  • Authorization
  • Session hijacking

How to set Session Timeout

  • Set Session Timeout in JAVA
  • Set Session Timeout in ASP.NET
  • Set Session Timeout in Apache
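The platform-specific pages above set the timeout in configuration; the example below, added here and not taken from this page or from any of those platforms, shows the underlying check in plain Python: a session records its last activity, each request compares that against the idle timeout, and an expired session is invalidated server-side so the user must re-authenticate. It goes slightly beyond the text by also capping the absolute lifetime of a session; the `SessionStore` class, the timeout values and the timestamps are all constructed for this example.

```python
from dataclasses import dataclass

# Constructed defaults for this example: 15 minutes of inactivity,
# 8 hours of absolute lifetime regardless of activity.
IDLE_TIMEOUT = 15 * 60
ABSOLUTE_TIMEOUT = 8 * 3600


@dataclass
class Session:
    user: str
    created_at: float      # when the user authenticated
    last_activity: float   # last request seen on this session


class SessionStore:
    """Hypothetical in-memory session store enforcing idle and absolute timeouts."""

    def __init__(self, idle_timeout=IDLE_TIMEOUT, absolute_timeout=ABSOLUTE_TIMEOUT):
        self.idle_timeout = idle_timeout
        self.absolute_timeout = absolute_timeout
        self._sessions = {}

    def login(self, session_id, user, now):
        """Create a session after successful authentication at time `now`."""
        self._sessions[session_id] = Session(user, now, now)

    def touch(self, session_id, now):
        """Validate the session for a request arriving at time `now`.

        Returns the user if the session is still valid and refreshes its
        last-activity time (sliding idle window). Returns None and removes
        the session if it has been idle longer than the idle timeout or has
        outlived the absolute timeout; the caller must then require re-login.
        """
        s = self._sessions.get(session_id)
        if s is None:
            return None
        idle_expired = now - s.last_activity > self.idle_timeout
        absolute_expired = now - s.created_at > self.absolute_timeout
        if idle_expired or absolute_expired:
            del self._sessions[session_id]   # invalidate server-side, not just client-side
            return None
        s.last_activity = now
        return s.user
```

In a real application `now` would be the server clock on every request, and the same check belongs in a filter or middleware that runs before any authenticated handler.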

Reference

https://www.owasp.org/index.php/Broken_Authentication_and_Session_Manage…
