Improper Session Termination Leading to Potential Account Takeover, by Ankit Giri

Session termination is an important aspect of a secure session lifecycle. Secure implementation of session tokens decreases the likelihood of a successful session hijacking attack. Session termination acts as a control mechanism against attacks like cross-site scripting (XSS) and cross-site request forgery (CSRF). The severity of such attacks increases when a user has an authenticated session present. Thus, not having secure session termination increases the attack surface for other attacks.

