Insufficient Session Expiration in fobybus/social-media-skeleton
Aug 15th 2023
Insufficient session expiration is a web application security vulnerability that occurs when a web application does not properly manage the lifecycle of a user's session. This can allow an attacker to hijack the user's session and gain unauthorized access to the application. The web application may not have a session timeout set, in which case a user's session never expires, even if the user is inactive for a long period of time.
Even so, the user is required to log out of the system once the password-changed event has been processed and completed.
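
The two controls described above, sketched as a server-side session store: sessions expire after inactivity (and after a maximum lifetime), and every existing session of a user is revoked when the password changes. This is an added example, not code from fobybus/social-media-skeleton; the `SessionStore` class, its method names and the timeout values are assumptions chosen for illustration.

```python
import secrets
import time

IDLE_TIMEOUT = 15 * 60        # assumed value: seconds of inactivity allowed
ABSOLUTE_TIMEOUT = 8 * 3600   # assumed value: maximum lifetime of one session


class SessionStore:
    """In-memory server-side session store (hypothetical, for illustration)."""

    def __init__(self, clock=time.time):
        self._clock = clock       # injectable clock so expiry can be tested
        self._sessions = {}       # session id -> session record

    def create(self, user_id):
        sid = secrets.token_urlsafe(32)   # unpredictable session identifier
        now = self._clock()
        self._sessions[sid] = {"user": user_id, "created": now, "last_seen": now}
        return sid

    def validate(self, sid):
        """Return the user id for a live session, or None if expired or unknown."""
        rec = self._sessions.get(sid)
        if rec is None:
            return None
        now = self._clock()
        if (now - rec["last_seen"] > IDLE_TIMEOUT
                or now - rec["created"] > ABSOLUTE_TIMEOUT):
            del self._sessions[sid]   # expire on the server, not only in the cookie
            return None
        rec["last_seen"] = now        # sliding idle window
        return rec["user"]

    def revoke_user(self, user_id):
        """Drop every session belonging to user_id; return how many were removed."""
        stale = [s for s, r in self._sessions.items() if r["user"] == user_id]
        for sid in stale:
            del self._sessions[sid]
        return len(stale)

    def on_password_changed(self, user_id):
        """Call after the new password is stored: old sessions stop working."""
        self.revoke_user(user_id)
        return self.create(user_id)   # fresh session for the device that changed it
```

A session id copied before the password change is rejected by `validate` afterwards, because the check is made against server-side state rather than against the cookie's own lifetime.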