16.2 Session Integrity
The system support session integrity by terminating token at fixed interval to prevent session hijacking. Also, upon logout the session tokens are cleared and removed from the client.
-
The session tokens are generated are unique and never be reused.
-
The session tokens are generated and hashed with encryption algorithms for randomness.