Flask-login-session-protection-none
Flask login session protection none
flask-login-session-protection-none
flask-login-session-protection-none
Flask-Login provides session protection to help prevent user sessions from being stolen. When this is active, sessions will be marked as non-fresh when the user’s IP or user agent is changed. It is not advised to disable this feature.
Likelihood: LOW
Confidence: HIGH
CWE:
- CWE-613: Insufficient Session Expiration
OWASP:
- A02:2017 - Broken Authentication
- A07:2021 - Identification and Authentication Failures