Merge pull request #433 from bugcrowd/long-timeout

Updated rec for Failure to Invalidate Session for Long Timeout
bugcrowd · May 15, 2024 · c6e5496 · c6e5496
2 parents 3cd8e1c + 54b7217
commit c6e5496
Showing 1 changed file with 2 additions and 2 deletions.
diff --git a/...ession_management/failure_to_invalidate_session/long_timeout/recommendations.md b/...ession_management/failure_to_invalidate_session/long_timeout/recommendations.md
@@ -1,6 +1,6 @@
 # Recommendation(s)
 
-The application should monitor and alert the user to concurrent login events and provide the user a way to logout of other sessions than their current login.
+It is best practice to shorten session timeout values based upon business needs. The length of the session should take into consideration the criticality of the application and the data contained within.
 
 For further information, please see:
-<https://cheatsheetseries.owasp.org/cheatsheets/Session_Management_Cheat_Sheet.html#simultaneous-session-logons>
+<https://cheatsheetseries.owasp.org/cheatsheets/Session_Management_Cheat_Sheet.html#session-expiration>