You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Session hijacking must also check concurrent sessions (provide example)
[Translation]
This is explained in the ASVS:
3.16
Verify that the application limits the number of active concurrent sessions.
Bah, limiting multiple concurrent sessions doesn't always make sense. You may want to log into the web, your mobile and your iPad together in some cases. This is not a hard rule, just a suggestion.
More importantly, inform users of open sessions and give them a chance to close them, like we see at google and other services.
Session hijacking must also check concurrent sessions (provide example)
[Translation]
This is exam plain in the ASVS:
3.16
Verify that the application limits the number of active concurrent sessions.
—
Reply to this email directly or view it on GitHub.
blabla1337
changed the title
Session hijacking moet ook checken op 'concurrent sessions' (code voorbeeld)
Session hijacking has to check on 'concurrent sessions' (code example)
Jul 9, 2017
No description provided.
The text was updated successfully, but these errors were encountered: