🚀 Join our AI Wargame at Black Hat Asia and our Workshop + Wargame at NDC Sydney .

Insufficient Session Expiration

An authenticated session, especially statefull tokens, must expire after a period of time. Otherwise an adversary has higher chance of reusing an old token and get an unauthorised access.

Remediation

Implement an expiry time for the token. The shorter is the expiry, the lower is the likelihood of token abuse.

Metadata

  • Severity: low
  • Slug: insufficient-session-expiration

CWEs

  • 613: Insufficient Session Expiration

OWASP

  • A07:2021: Identification and Authentication Failures

Available Labs

Open Ruby labs in SecDim Play for this vulnerability.

Try it yourself

Find, Hack and Fix Your First Vulnerability

Reading about security bugs is one thing — fixing one is how the skill sticks. Play a free challenge from the wargame, no setup required.