Re: [OT] How does tomcat handle session ids?

2018-02-08 Thread Christopher Schultz
Peter, On 2/8/18 11:30 AM, Peter Kreuser wrote: > Forgive the top-post! :/ iOS mail lets you type anywhere you want! > Going back to the root-cause of the question: > > In my opinion the security requirement stems from the idea, that a > logout

Re: [OT] How does tomcat handle session ids?

2018-02-08 Thread Peter Kreuser
Dear all, Forgive the top-post! Going back to the root-cause of the question: In my opinion the security requirement stems from the idea, that a logout must invalidate the session and thus make the data practically inaccessible - instead of just removing a typical loggedin flag and keeping the

Re: [OT] How does tomcat handle session ids?

2018-02-08 Thread Christopher Schultz
Mark, On 2/8/18 4:49 AM, Mark Thomas wrote: > On 07/02/18 23:49, Alex O'Ree wrote: >> I was recently perusing security implementation guides and ran >> across one that required that sessions id's be "destroyed" after >> use and not reused. From my u