Register now or log in to join your professional community.
Session Invalidation from both client and server side while closing the browser.
Kill the logged in user session cookie when the logout option is been called & when the browser is closed terminate/flush that session cookie value so that the same cookie value can't be reused.
Verify that the session id is changed or cleared on logout.
Verify that sessions are invalidated when the user logs out.
Verify that the session id is changed or cleared on logout.
Verify that sessions timeout after an administratively-configurable maximum time period regardless of activity (an absolute timeout).
Verify that the session id is changed on login to prevent session fixation.
Verify that the session id is changed on re-authentication.