Updated rec for Failure to Invalidate Session for Long Timeout

submissions/description/broken_authentication_and_session_management/failure_to_invalidate_session/long_timeout/recommendations.md

@@ -1,6 +1,6 @@
 # Recommendation(s)
 
-The application should monitor and alert the user to concurrent login events and provide the user a way to logout of other sessions than their current login.
+It is best practice to shorten session timeout values based upon business needs. The length of the session should take into consideration the criticality of the application and the data contained within.
 
 For further information, please see:
-<https://cheatsheetseries.owasp.org/cheatsheets/Session_Management_Cheat_Sheet.html#simultaneous-session-logons>
+<https://cheatsheetseries.owasp.org/cheatsheets/Session_Management_Cheat_Sheet.html#session-expiration>