Flask-Login provides session protection to help prevent user sessions from being stolen. When this is active, sessions will be marked as non-fresh when the user’s IP or user agent is changed. It is not advised to disable this feature. Likelihood: LOW Confidence: HIGH CWE: - CWE-613: Insufficient Session Expiration
OWASP: - A02:2017 - Broken Authentication
- A07:2021 - Identification and Authentication Failures