This category of exploit is prevented in a huge number of ways - not a single one of them is "make my user's cookie/token sessions 15 minutes long"
This category of exploit is prevented in a huge number of ways - not a single one of them is "make my user's cookie/token sessions 15 minutes long"