Securing the Session:
1) Secure token
- random (UUID or other CSPRNG output)
- long
- token protection
- never in the URL
- cookie flags
- httponly
- secure
2) Secure Session Handling
- new token at login/logout
- old session destroyed
- client and server session ending (both sides)
3) Timeout
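The checklist above as working code, added here as an example and not taken from the original notes: a minimal in-memory session store that issues long random tokens, rotates the token at login, destroys the old server-side session, ends the session on logout, enforces an idle timeout, and emits the cookie with the flags listed (the store layout, the 15-minute timeout and the SameSite attribute are assumptions of this example).

```python
import secrets
import time

SESSION_TIMEOUT = 15 * 60  # idle timeout in seconds (assumed value for this example)


class SessionStore:
    """In-memory session store; 'now' is injectable so timeouts can be tested."""

    def __init__(self, timeout=SESSION_TIMEOUT, now=time.time):
        self._sessions = {}  # token -> {"user": str, "last_seen": float}
        self.timeout = timeout
        self.now = now

    def _new_token(self):
        # 32 bytes from the OS CSPRNG, URL-safe encoded: random and long (43 chars)
        return secrets.token_urlsafe(32)

    def login(self, user, old_token=None):
        # Fresh token at login; any pre-login session is destroyed so a token
        # chosen before authentication is never promoted to an authenticated one.
        if old_token is not None:
            self._sessions.pop(old_token, None)
        token = self._new_token()
        self._sessions[token] = {"user": user, "last_seen": self.now()}
        return token

    def logout(self, token):
        # Server-side state is removed, not just the cookie on the client.
        self._sessions.pop(token, None)

    def get_user(self, token):
        # Returns the user of a live session, or None if unknown or timed out.
        entry = self._sessions.get(token)
        if entry is None:
            return None
        if self.now() - entry["last_seen"] > self.timeout:
            self._sessions.pop(token, None)  # expired: destroy on the server too
            return None
        entry["last_seen"] = self.now()
        return entry["user"]


def session_cookie_header(token, max_age=SESSION_TIMEOUT):
    # The token travels only in a cookie (never in the URL) with HttpOnly and Secure.
    return f"sid={token}; Max-Age={max_age}; Path=/; HttpOnly; Secure; SameSite=Lax"


def logout_cookie_header():
    # Sent alongside logout() so the client-side session ends with the server's.
    return "sid=; Max-Age=0; Path=/; HttpOnly; Secure; SameSite=Lax"
```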