V3.3 — Session Termination
Session Termination: 3 L3 requirement(s). V3.3.1: Verify that logout and expiration invalidate the session token, such that the back button or a downstream relying party ... V3.3.3: Verify that the application gives the option to terminate all other active sessions after a successful password change (... V3.3.4: Verify that users are able to view and (having re-entered login credentials) log out of any or all currently active sess...
| Property | Value |
|---|---|
| Section | V3.3 |
| Owner | platform |
Mapped Controls
| Control | Title |
|---|---|
| SID-AUTH-02 | JWT Bearer Token Session Management |
Source: OWASP Application Security Verification Standard 4.0.3