Session
023. Terminate inactive user sessions029. Cookies with security attributes024. Transfer information using session objects030. Avoid object reutilization025. Manage concurrent sessions031. Discard user session data026. Encrypt client-side session information032. Avoid session ID leakages027. Allow session lockout357. Use stateless session tokens028. Allow users to log out369. Set a maximum lifetime in sessions