ASVS V3 Session Management

Control Objective
One of the core components of any web-based application is the mechanism by which it controls and maintains the state for a user interacting with it. This is referred to as Session Management and is defined as the set of all controls governing stateful interaction between a user and the web-based application.

Ensure that a verified application satisfies the following high-level session management requirements:


 * Sessions are unique to each individual and cannot be guessed or shared.
 * Sessions are invalidated when no longer required and timed out during periods of inactivity.
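
The two requirements above, sketched as a minimal server-side session store. This is an added example, not text or code from the ASVS; the class name, method names and the 15-minute idle timeout are assumptions chosen for illustration.

```python
import hashlib
import secrets
import time

IDLE_TIMEOUT_SECONDS = 15 * 60  # assumed value; the page sets no figure


class SessionStore:
    """In-memory session store (illustrative; all names are hypothetical)."""

    def __init__(self, idle_timeout=IDLE_TIMEOUT_SECONDS, clock=time.monotonic):
        self._idle_timeout = idle_timeout
        self._clock = clock
        self._sessions = {}  # sha256(token) -> {"user": ..., "last_seen": ...}

    @staticmethod
    def _key(token):
        # Store only a hash so a leaked store does not yield usable tokens.
        return hashlib.sha256(token.encode()).hexdigest()

    def create(self, user):
        # 32 bytes from the OS CSPRNG: unique per session and not guessable.
        token = secrets.token_urlsafe(32)
        self._sessions[self._key(token)] = {"user": user, "last_seen": self._clock()}
        return token

    def validate(self, token):
        """Return the user for a live session, else None."""
        key = self._key(token)
        record = self._sessions.get(key)
        if record is None:
            return None
        now = self._clock()
        if now - record["last_seen"] > self._idle_timeout:
            # Idle timeout: drop the server-side state, not just the cookie.
            del self._sessions[key]
            return None
        record["last_seen"] = now  # activity resets the inactivity window
        return record["user"]

    def invalidate(self, token):
        """Logout: remove the session so the token cannot be replayed."""
        self._sessions.pop(self._key(token), None)
```

Injecting the clock lets the timeout behaviour be checked without waiting; a production store would also persist sessions outside process memory.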