SC-23(01) Invalidate Session Identifiers at Logout
Invalidate session identifiers upon user logout or other session termination.
Baselines
- L Not selected
- M Not selected
- H Not selected
- P Not selected
Guidance
Invalidating session identifiers at logout curtails the ability of adversaries to capture and continue to employ previously valid session IDs.