OWASP#1610 - no reference, no problem (remove outdated section text)
Elar Lang committed Oct 28, 2024
1 parent 3bc1b16 commit d811e6f
Showing 1 changed file with 1 addition and 1 deletion.
2 changes: 1 addition & 1 deletion 5.0/en/0x12-V3-Session-management.md
Expand Up @@ -76,7 +76,7 @@ This section relates to those writing Relying Party (RP) or Credential Service P

## V3.7 Defenses Against Session Management Exploits

There are a small number of session management attacks, some related to the user experience (UX) of sessions. Previously, based on ISO 27002 requirements, the ASVS has required blocking multiple simultaneous sessions. Blocking simultaneous sessions is no longer appropriate, not only as modern users have many devices or the app is an API without a browser session, but in most of these implementations, the last authenticator wins, which is often the attacker. This section provides leading guidance on deterring, delaying and detecting session management attacks using code.
There are a small number of session management attacks, some related to the user experience (UX) of sessions. This section provides leading guidance on deterring, delaying and detecting session management attacks using code.

### Description of the half-open Attack

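Review bot: In the replacement paragraph under V3.7, the surviving first sentence ("some related to the user experience (UX) of sessions") loses the simultaneous-session discussion that used to illustrate it, so it now reads as an unsupported aside; either name the attacks this section covers or reduce the intro to the final sentence. The removed text was also the only place in this hunk stating that blocking simultaneous sessions is no longer appropriate and why (the last authenticator wins), so implementers who still carry that control from the ISO 27002-based wording lose the explanation; consider keeping that rationale in a changelog entry or the linked issue. Minor: "detecting session management attacks using code" is ambiguous about whether "using code" describes the guidance or the attacks.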