Clear browser session cookies on logout
Hi Ray, another issue picked up in my client's recent pen test was that "Session cookie was not changed when signing in and out of the application." At the moment it looks like the session cookie is only cleared when you close the browser, but it should clear when the user logs out. I've attached a copy of the login page, can you advise how I would change this?
Another thing they mention is "Session cookie was not validated against the web server database to confirm it was valid" - any idea how I could do this?