marloru Posted September 20, 2022 Share Posted September 20, 2022 Hello, I would like to know if there is a way to invalidate a session token during logout. Currently, the session token is not revoked after a user logout. That allows an attacker to re-use an old session token to compromise account. Thanks. Link to comment Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now