Sunday 05 July 2026 01:13:23 GMT+02:00

Netcrook


WIKICROOK

Session revocation

The process of invalidating active logins so stolen session material can no longer be reused.

Session revocation is the process of making active logins, cookies, or tokens invalid before they expire naturally. In practice, it forces a user or attacker to authenticate again. This matters because a stolen password can be changed, but a live session may still work until the service no longer trusts it.

In cyber attacks, infostealers and phishing kits often steal browser cookies or authentication tokens instead of just passwords. If defenders only reset credentials, the attacker may keep access through a valid session. Revoking sessions cuts off that reuse, especially when combined with token invalidation, sign-in review, and MFA reset. It is a core response step after suspected account theft and a key control for limiting the value of stolen session material.
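The gap between a credential reset and a session revocation, shown as an added example that is not part of the original entry: a toy in-memory session store in which a copied token survives a password reset and stops working only after revocation. The class, its method names, the account and the passwords are all constructed for illustration.

```python
import secrets


class SessionStore:
    """Toy server-side session store (hypothetical, for illustration only)."""

    def __init__(self):
        self.passwords = {}   # user -> password (plaintext only to keep the demo short)
        self.generation = {}  # user -> counter bumped on every revocation
        self.sessions = {}    # token -> (user, generation at issue time)

    def register(self, user, password):
        self.passwords[user] = password
        self.generation[user] = 0

    def login(self, user, password):
        stored = self.passwords.get(user)
        if stored is None or not secrets.compare_digest(stored.encode(), password.encode()):
            return None
        token = secrets.token_urlsafe(32)
        self.sessions[token] = (user, self.generation[user])
        return token

    def validate(self, token):
        """Return the user for a live session, or None if unknown or revoked."""
        entry = self.sessions.get(token)
        if entry is None:
            return None
        user, issued_gen = entry
        return user if issued_gen == self.generation[user] else None

    def reset_password(self, user, new_password):
        # Credential reset only: sessions issued earlier are left untouched.
        self.passwords[user] = new_password

    def revoke_sessions(self, user):
        # One counter update makes every earlier token for this user fail validate().
        self.generation[user] += 1


def incident_walkthrough():
    store = SessionStore()
    store.register("alice", "old-password")
    stolen = store.login("alice", "old-password")  # stands in for a copied cookie
    store.reset_password("alice", "new-password")
    after_reset = store.validate(stolen)           # session is still trusted
    store.revoke_sessions("alice")
    after_revoke = store.validate(stolen)          # session is no longer trusted
    fresh = store.login("alice", "new-password")   # the user authenticates again
    return after_reset, after_revoke, store.validate(fresh)
```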
