[Owasp-testing] Session timeout failure - What ref. number?

Michael Boman michael.boman at omegapoint.se
Tue Feb 23 06:58:29 EST 2010

 I came across a failure to properly timeout a session. The session times out and I am re-directed to the login page, but by pressing "back" on the browser got me into the application again which still thought that I was logged in.

My question is what reference number that would be in OWASP testing guide. I've been browsing through the guide but haven't been able to pin-point the reference number as of yet.

Perhaps it belongs under OWASP-SM-001, but I am not sure.

Please advice.

Best regards
Michael Boman

-------------- next part --------------
An HTML attachment was scrubbed...
URL: https://lists.owasp.org/pipermail/owasp-testing/attachments/20100223/735c2b90/attachment-0001.html 

More information about the Owasp-testing mailing list