Categories
< All topics
Print

Session Expiration / Session Timeout

Web applications should be set to invalidate a user session after a period of inactivity. This session expiration or timeout protects users who did not logout from having someone else discover their logged-in session and take it over.

Table of contents
Shopping cart