Skip to content

The web server must invalidate session identifiers upon hosted application user logout or other session termination.

An XCCDF Rule