/vulndb/Inadequate Session Revocation

This vulnerability occurs when the session is not properly revoked after a user logout request.

Without proper session revocation, an attacker will still be able to use a stolen session and perform actions on the application on the user’s behalf.

Solution

Be sure that after a logout the session is completely destroyed on both the client and the server.
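
The following is an added example, not part of the original entry. It contrasts a logout that only expires the cookie with one that also revokes the session on the server, and checks whether the session id is still accepted afterwards. The in-memory store and all function names are assumptions made for illustration.

```python
import secrets

# Constructed in-memory session store standing in for server-side state
# (hypothetical; a real application would use its framework's session store).
SESSIONS = {}

EXPIRED_COOKIE = "session=; Max-Age=0; Path=/; HttpOnly; Secure"

def login(user):
    """Create a server-side session and return the id sent in the cookie."""
    sid = secrets.token_urlsafe(32)
    SESSIONS[sid] = {"user": user}
    return sid

def is_authenticated(sid):
    """Server-side check performed on every request."""
    return sid in SESSIONS

def logout_client_only(sid):
    """Inadequate: only tells the browser to drop the cookie.
    The server-side record survives, so a copied id keeps working."""
    return {"Set-Cookie": EXPIRED_COOKIE}

def logout_full(sid):
    """Adequate: delete the server-side record and expire the cookie."""
    SESSIONS.pop(sid, None)  # revoke on the server
    return {"Set-Cookie": EXPIRED_COOKIE}  # remove on the client

def session_survives_logout(logout):
    """Return True if a session id is still accepted after logout."""
    sid = login("alice")  # constructed sample user
    logout(sid)
    return is_authenticated(sid)

if __name__ == "__main__":
    print("client-only logout, session still valid:",
          session_survives_logout(logout_client_only))
    print("full logout, session still valid:",
          session_survives_logout(logout_full))
```

The same check works as a regression test against a real application: log in, log out, then replay the old session id and confirm the server rejects it.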

References

http://en.wikipedia.org/wiki/Session_management#Web_server_session_management
https://www.owasp.org/index.php/Session_Management