Not Validating the session may Leads to Account Deletion.

Aneesha D (ohzo)
2 min readDec 31, 2022

Session termination is an important part of the session lifecycle. Reducing to a minimum the lifetime of the session tokens decreases the likelihood of a successful session hijacking attack. This can be seen as a control against preventing other attacks like Cross Site Scripting and Cross Site Request Forgery. Such attacks have been known to rely on a user having an authenticated session present. Not having a secure session termination only increases the attack surface for any of the attacks, for example, account deletion without a password or bypassing the…

--

--

Aneesha D (ohzo)

I am a Software Developer and a Security Researcher with a Bachelor of Engineering in CS.