Session Timeout
Description
Session timeouts are a protection mechanism for users who leave their computer unattended, or who walk away from a shared computer without logging out of an application.
After the timeout period, the user has to log in again. This is somewhat like a password-protected screen saver which starts after a number of minutes of inactivity on a computer.
A session timeout is an important security control for any application. It specifies the length of time that an application will allow an idle user to remain logged in before forcing the user to re-authenticate.
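The following is an added example, not code from the original post: a small server-side session store that enforces the idle timeout described above (the idle clock is reset on each valid request, i.e. sliding expiration) and, as an additional guard, an absolute lifetime after which the user must re-authenticate regardless of activity. The timeout values and the injectable clock are assumptions chosen for illustration.

```python
import secrets
import time
from dataclasses import dataclass
from typing import Callable, Dict, Optional

# Constructed policy values (assumptions, not taken from the page):
# 15 minutes of inactivity, and an 8 hour absolute cap per login.
IDLE_TIMEOUT_SECONDS = 15 * 60
ABSOLUTE_TIMEOUT_SECONDS = 8 * 60 * 60


@dataclass
class Session:
    user: str
    created_at: float   # when the user authenticated
    last_seen: float    # last request carrying a valid session id


class SessionStore:
    """In-memory session store that expires idle and over-age sessions."""

    def __init__(self,
                 idle_timeout: float = IDLE_TIMEOUT_SECONDS,
                 absolute_timeout: float = ABSOLUTE_TIMEOUT_SECONDS,
                 clock: Callable[[], float] = time.time) -> None:
        self.idle_timeout = idle_timeout
        self.absolute_timeout = absolute_timeout
        self.clock = clock  # injectable so the passage of time can be simulated
        self._sessions: Dict[str, Session] = {}

    def login(self, user: str) -> str:
        """Create a session after successful authentication; returns the new id."""
        now = self.clock()
        session_id = secrets.token_urlsafe(32)  # unpredictable identifier
        self._sessions[session_id] = Session(user, now, now)
        return session_id

    def _expired(self, s: Session, now: float) -> bool:
        idle_for = now - s.last_seen
        age = now - s.created_at
        return idle_for > self.idle_timeout or age > self.absolute_timeout

    def touch(self, session_id: str) -> Optional[str]:
        """Validate a request. Returns the user if the session is live, otherwise
        None, in which case the caller must force re-authentication.
        A live session's idle clock is reset (sliding expiration)."""
        s = self._sessions.get(session_id)
        if s is None:
            return None
        now = self.clock()
        if self._expired(s, now):
            # Destroy the server-side state so the stale id cannot be reused.
            del self._sessions[session_id]
            return None
        s.last_seen = now
        return s.user

    def logout(self, session_id: str) -> None:
        """Explicit logout: invalidate the session immediately."""
        self._sessions.pop(session_id, None)

    def reap(self) -> int:
        """Remove every expired session (run periodically); returns the count removed."""
        now = self.clock()
        dead = [sid for sid, s in self._sessions.items() if self._expired(s, now)]
        for sid in dead:
            del self._sessions[sid]
        return len(dead)

    def active_count(self) -> int:
        return len(self._sessions)


if __name__ == "__main__":
    # Simulated clock so the demo runs instantly.
    fake_now = [1_000.0]
    store = SessionStore(clock=lambda: fake_now[0])
    sid = store.login("alice")
    fake_now[0] += 10 * 60           # 10 minutes idle: still within 15 minutes
    print(store.touch(sid))          # alice
    fake_now[0] += 16 * 60           # 16 minutes idle: timed out
    print(store.touch(sid))          # None -> user must log in again
```

Checking the absolute limit separately from the idle limit matters: an attacker or a shared-computer user who keeps a hijacked session alive with periodic requests would otherwise never be forced to re-authenticate.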
Risk
A missing or overly long session timeout affects the following:
- Authentication
- Authorization
- Session hijacking
How to set Session Timeout
- Set Session Timeout in Java
- Set Session Timeout in ASP.NET
- Set Session Timeout in Apache
Reference
https://www.owasp.org/index.php/Broken_Authentication_and_Session_Manage…