SC-23(1)
SC-23(1): Invalidate Session Identifiers at Logout
Invalidate session identifiers upon user logout or other session termination.
Supplemental
Invalidating session identifiers at logout curtails the ability of adversaries to capture and continue to employ previously valid session IDs.
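The difference between a logout that only clears the browser cookie and one that invalidates the identifier on the server, as an added example that is not part of the control catalog. The `SessionStore` class, the `session` cookie name and the 900-second idle timeout are assumptions made for illustration.

```python
import secrets
import time

IDLE_TIMEOUT = 900  # seconds; assumed value, SC-23(1) does not specify one


class SessionStore:
    """Server-side session table: an ID is valid only while it is a key here."""

    def __init__(self, clock=time.monotonic):
        self._sessions = {}  # session_id -> {"user": str, "last_seen": float}
        self._clock = clock

    def login(self, user):
        sid = secrets.token_urlsafe(32)  # fresh, unpredictable ID for each login
        self._sessions[sid] = {"user": user, "last_seen": self._clock()}
        return sid

    def authenticate(self, sid):
        """Return the user for a live session, or None if the ID is not valid."""
        entry = self._sessions.get(sid)
        if entry is None:
            return None
        if self._clock() - entry["last_seen"] > IDLE_TIMEOUT:
            # Idle timeout is "other session termination": drop the ID as well.
            self._sessions.pop(sid, None)
            return None
        entry["last_seen"] = self._clock()
        return entry["user"]

    def logout_client_only(self, sid):
        """Weak form: asks the browser to drop the cookie, server state remains."""
        return {"Set-Cookie": "session=; Max-Age=0; Path=/"}

    def logout(self, sid):
        """SC-23(1) form: delete the ID server-side, then expire the cookie."""
        self._sessions.pop(sid, None)
        return {"Set-Cookie": "session=; Max-Age=0; Path=/"}
```

After `logout_client_only`, a copy of the identifier held outside the browser still authenticates; after `logout`, the same value is rejected.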
| CIA Levels | |
|---|---|
| Confidentiality | unknown |
| Integrity | low |
| Availability | unknown |

| Overlays |
|---|
| DAF Baseline |

| CSF Categories |
|---|
| None |