Sure, there are some attacker activities that are highly automated. That’s not w...

		marcusb on Aug 18, 2023 \| parent \| context \| favorite \| on: Short session expiration does not help security Sure, there are some attacker activities that are highly automated. That’s not what we’re talking about here. We’re talking about compromised temporal session tokens, which are frequently harvested by manual action, and in those scenarios, thinking about human timeframes is very useful.