Seong-lae ChoHTTP Session Notion
HTTP Session Usage
does not helpful for security
Short session expiration does not help security
When logged into a web application, the session does not remain valid forever. Typically, the session expires after a fixed time after login, or after the user has been idle for some time. How long should these times be?
https://www.sjoerdlangkemper.nl/2023/08/16/session-timeout
