SC-23(1)—Invalidate Session Identifiers At Logout
>Control Description
Invalidate session identifiers upon user logout or other session termination.
>Supplemental Guidance
Invalidating session identifiers at logout curtails the ability of adversaries to capture and continue to employ previously valid session IDs.