Cornucopia - Ecommerce Website - SM 8

Suit: Session management

Card/Value: 8

Description:
Matt can abuse long sessions because the application does not require periodic re-authentication to check if privileges have changed.

Technical Note:
A user's privileges may change during a session. If the privileges are also stored in session data, that copy will not reflect the changes. Consider forcing re-authentication.

See Authentication AT 9 for other re-authentication requirements.
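
The stale-privilege problem in the technical note, next to a periodic re-authentication check, as an added example that is not part of the original card. The `REAUTH_INTERVAL` policy, the `USER_ROLES` store, the `credentials_ok` flag and all function names are assumptions made for illustration.

```python
from dataclasses import dataclass

REAUTH_INTERVAL = 15 * 60  # assumed policy, in seconds

# Constructed stand-in for the authoritative account store.
USER_ROLES = {"matt": "admin"}


class ReauthRequired(Exception):
    """The session's privilege snapshot is too old to trust."""


@dataclass
class Session:
    user: str
    role: str           # privilege snapshot copied at login
    verified_at: float  # time the snapshot was last confirmed


def login(user, now):
    return Session(user, USER_ROLES[user], now)


def authorize_stale(session, required_role):
    # Weak: trusts the login-time snapshot for the whole session lifetime.
    return session.role == required_role


def authorize(session, required_role, now):
    # Hardened: an old snapshot forces re-authentication before any decision.
    if now - session.verified_at > REAUTH_INTERVAL:
        raise ReauthRequired(session.user)
    return session.role == required_role


def reauthenticate(session, credentials_ok, now):
    # credentials_ok stands in for a real password/MFA check (assumption).
    if not credentials_ok or session.user not in USER_ROLES:
        raise PermissionError("re-authentication failed")
    session.role = USER_ROLES[session.user]  # reload current privileges
    session.verified_at = now


def demo():
    USER_ROLES["matt"] = "admin"
    s = login("matt", now=0)
    USER_ROLES["matt"] = "customer"          # privileges revoked mid-session
    weak = authorize_stale(s, "admin")       # snapshot still says admin
    try:
        authorize(s, "admin", now=3600)
        forced = False
    except ReauthRequired:
        forced = True
    reauthenticate(s, credentials_ok=True, now=3600)
    return weak, forced, authorize(s, "admin", now=3601)
```

Within `REAUTH_INTERVAL` the hardened check still relies on the snapshot, so the interval bounds how long a revoked privilege stays usable.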
