Posted by Jeffrey Walton on Jul 19
There’s also https://en.wikipedia.org/wiki/Session_hijacking#Prevention
One thing Jim Manico of OWASP recommends is to (re)prompt the user for
their password on occasion, like when performing a high value
operation. That will effectively re-authenticate a user before a high
value operation. Attackers with a cookie but without the user’s
password should fail the re-authentication challenge.
Jeff
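The re-authentication pattern described in the post, worked through as an added example (this is illustrative code, not from Jeffrey Walton's message, OWASP, or the Wikipedia page). It assumes an in-memory server-side session store, a constructed user table, and an arbitrary 300-second freshness window; a real application would use its own session backend, user database and policy. The point it demonstrates: freshness is recorded server-side against the session, so holding the cookie alone does not satisfy the check, and only a correct password can refresh it.

```python
import hashlib
import hmac
import os
import time
from dataclasses import dataclass
from typing import Dict, Optional

# Assumed policy value: a password check older than this no longer counts
# as "fresh" for a high-value operation.
REAUTH_WINDOW_SECONDS = 300


class ReauthRequired(Exception):
    """Raised when a high-value operation needs a fresh password check."""


class AuthFailed(Exception):
    """Raised when the supplied password does not match."""


@dataclass
class User:
    salt: bytes
    pw_hash: bytes


@dataclass
class Session:
    username: str
    last_password_check: Optional[float]  # time of the last successful password check


def _hash_password(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, 200_000)


class App:
    """Minimal stand-in for a web application with server-side sessions."""

    def __init__(self) -> None:
        self.users: Dict[str, User] = {}
        self.sessions: Dict[str, Session] = {}
        # Dummy credentials so unknown-user lookups cost the same as real ones.
        self._dummy = User(os.urandom(16), _hash_password("dummy", os.urandom(16)))

    def register(self, username: str, password: str) -> None:
        salt = os.urandom(16)
        self.users[username] = User(salt, _hash_password(password, salt))

    def _check_password(self, username: str, password: str) -> bool:
        user = self.users.get(username, self._dummy)
        candidate = _hash_password(password, user.salt)
        return hmac.compare_digest(candidate, user.pw_hash) and username in self.users

    def login(self, username: str, password: str, now: Optional[float] = None) -> str:
        """Password login: creates a session whose freshness starts now."""
        if not self._check_password(username, password):
            raise AuthFailed("bad username or password")
        sid = os.urandom(16).hex()  # stands in for the session cookie value
        self.sessions[sid] = Session(username, now if now is not None else time.monotonic())
        return sid

    def reauthenticate(self, sid: str, password: str, now: Optional[float] = None) -> None:
        """The (re)prompt: a correct password refreshes the server-side timestamp."""
        session = self.sessions[sid]
        if not self._check_password(session.username, password):
            raise AuthFailed("re-authentication failed")
        session.last_password_check = now if now is not None else time.monotonic()

    def high_value_operation(self, sid: str, now: Optional[float] = None) -> str:
        """Only proceeds when the session's password check is recent enough."""
        session = self.sessions[sid]
        now = now if now is not None else time.monotonic()
        fresh = (
            session.last_password_check is not None
            and now - session.last_password_check <= REAUTH_WINDOW_SECONDS
        )
        if not fresh:
            raise ReauthRequired("enter your password to continue")
        return f"transfer approved for {session.username}"


def hijack_scenario() -> Dict[str, str]:
    """Constructed walk-through with a fixed clock; returns each step's outcome."""
    app = App()
    app.register("alice", "correct horse battery staple")
    sid = app.login("alice", "correct horse battery staple", now=0.0)
    results: Dict[str, str] = {}
    results["fresh_session"] = app.high_value_operation(sid, now=10.0)
    # Later, someone who only holds the cookie replays it after the window expired.
    try:
        app.high_value_operation(sid, now=1000.0)
        results["cookie_only"] = "allowed"
    except ReauthRequired:
        results["cookie_only"] = "reauth required"
    try:
        app.reauthenticate(sid, "not the password", now=1000.0)
        results["wrong_password"] = "accepted"
    except AuthFailed:
        results["wrong_password"] = "rejected"
    # The legitimate user answers the prompt and the operation goes through.
    app.reauthenticate(sid, "correct horse battery staple", now=1000.0)
    results["owner_reauth"] = app.high_value_operation(sid, now=1001.0)
    return results


if __name__ == "__main__":
    for step, outcome in hijack_scenario().items():
        print(f"{step}: {outcome}")
```

The freshness timestamp deliberately lives in the server-side session record rather than in the cookie, so a client cannot present a forged "recently authenticated" claim; the `now` parameter exists only so the window can be exercised deterministically.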