SC-23(01) Invalidate Session Identifiers at Logout

Baselines

Guidance

Invalidating session identifiers at logout curtails the ability of adversaries to capture and continue to employ previously valid session IDs.