Cornucopia - Ecommerce Website - SM 8
Suit: Session management
Matt can abuse long sessions because the application does not require periodic re-authentication to check if privileges have changed.
A user's privileges may change during a session. If this information is also stored in session data, it will not reflect the changes. Consider forcing re-authentication.
See Authentication AT 9 for other re-authentication requirements.
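The stale-privilege problem on this card, as an added example that is not part of the Cornucopia material: a session that snapshots roles at login keeps honouring a revoked role until a maximum session age forces re-authentication. The names `Session`, `authorize`, `REAUTH_INTERVAL` and the sample user store are assumptions made for the illustration.

```python
from dataclasses import dataclass

REAUTH_INTERVAL = 15 * 60  # seconds; assumed policy value, tune per application


class ReauthRequired(Exception):
    """The session is older than the re-authentication interval."""


@dataclass(frozen=True)
class Session:
    user: str
    roles: frozenset          # privilege snapshot taken at authentication time
    authenticated_at: float   # seconds, same clock as `now` below


def authenticate(store, user, now):
    # Credential check omitted; roles are copied from the authoritative store.
    return Session(user, frozenset(store[user]), now)


def authorize_stale(session, role):
    # Weak: trusts the snapshot for as long as the session lives.
    return role in session.roles


def authorize(session, role, now):
    # Hardened: refuse to act on a snapshot older than the interval, so a
    # privilege change is picked up at the next forced re-authentication.
    if now - session.authenticated_at > REAUTH_INTERVAL:
        raise ReauthRequired(session.user)
    return role in session.roles


def demo():
    store = {"alice": {"customer", "refund_admin"}}   # constructed sample data
    session = authenticate(store, "alice", now=0)
    store["alice"].discard("refund_admin")            # privilege revoked mid-session
    stale = authorize_stale(session, "refund_admin")  # revoked role still honoured
    try:
        authorize(session, "refund_admin", now=3600)
        forced = False
    except ReauthRequired:
        forced = True                                 # long session is cut off
    session = authenticate(store, "alice", now=3600)  # user logs in again
    fresh = authorize(session, "refund_admin", now=3601)
    return stale, forced, fresh


if __name__ == "__main__":
    print(demo())
```

The interval bounds how long a revoked privilege can survive in session data; it does not remove the window entirely.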
|OWASP SCP||OWASP ASVS||OWASP AppSensor||CAPEC||SAFECODE|