When a session remains usable after the user logs out (or fails to log out properly), the
application is not terminating sessions on the server side. This is a symptom of broken
authentication: flaws in the authentication or session-management mechanism that let an attacker
impersonate other users or take over their sessions. Clearing the cookie in the browser is not enough.
If the server does not invalidate the session record on logout and does not enforce idle and absolute
timeouts, an attacker who has captured an old session ID (from a shared machine, a log, or a network
capture) can replay it and gain unauthorized access to the account. In the OWASP Top 10 (2017
edition) this weakness is classified as A2: Broken Authentication; the 2021 edition lists it as
A07: Identification and Authentication Failures. The OWASP Top 10 ranks the most critical web
application security risks and serves as a guideline for developers and web application providers
to understand and mitigate them.
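The difference between a logout that only clears the browser cookie and one that invalidates the server-side session, shown as an added example (not code from the original text or from any ECIH material). The session store, the timeout values, and the injectable clock are assumptions made so the example runs offline and can be stepped through deterministically.

```python
import secrets
import time

# Assumed policy values for this example; real values depend on the application.
IDLE_TIMEOUT = 15 * 60        # seconds of inactivity after which a session dies
ABSOLUTE_TIMEOUT = 8 * 3600   # hard cap on session lifetime regardless of activity


class SessionStore:
    """Constructed in-memory server-side session store (hypothetical, for illustration)."""

    def __init__(self, clock=time.time):
        self._sessions = {}   # opaque session ID -> record
        self._clock = clock   # injectable so tests can advance time

    def create(self, user):
        sid = secrets.token_urlsafe(32)   # 256 bits of randomness: unguessable
        now = self._clock()
        self._sessions[sid] = {"user": user, "created": now, "last_seen": now}
        return sid

    def lookup(self, sid):
        """Return the user for a valid session, or None.

        Enforces both the idle and the absolute timeout and purges the
        record as soon as either is exceeded.
        """
        rec = self._sessions.get(sid)
        if rec is None:
            return None
        now = self._clock()
        if (now - rec["last_seen"] > IDLE_TIMEOUT
                or now - rec["created"] > ABSOLUTE_TIMEOUT):
            del self._sessions[sid]
            return None
        rec["last_seen"] = now
        return rec["user"]

    def logout_vulnerable(self, sid):
        # Broken pattern: only instructs the browser to drop the cookie.
        # The server-side record is untouched, so anyone holding the old
        # session ID can keep using it.
        return {"Set-Cookie": "session=; Max-Age=0; HttpOnly; Secure"}

    def logout_fixed(self, sid):
        # Correct pattern: destroy the server-side record first, then
        # clear the cookie. Replaying the old ID now fails.
        self._sessions.pop(sid, None)
        return {"Set-Cookie": "session=; Max-Age=0; HttpOnly; Secure"}


def demo():
    """Walk through replay after a broken logout, a fixed logout, and both timeouts."""
    now = [1_000_000.0]
    store = SessionStore(clock=lambda: now[0])

    # 1. Broken logout: the captured session ID still resolves to the user.
    sid = store.create("alice")
    store.logout_vulnerable(sid)
    replay_after_bad_logout = store.lookup(sid)      # "alice": attacker wins

    # 2. Fixed logout: the same ID is rejected.
    store.logout_fixed(sid)
    replay_after_good_logout = store.lookup(sid)     # None

    # 3. Idle timeout: an abandoned session dies without any logout.
    sid_idle = store.create("bob")
    now[0] += IDLE_TIMEOUT + 1
    idle_result = store.lookup(sid_idle)             # None

    # 4. Absolute timeout: even a continuously active session is capped.
    sid_active = store.create("carol")
    for _ in range(ABSOLUTE_TIMEOUT // (10 * 60) + 1):
        now[0] += 10 * 60                            # keep touching it every 10 min
        store.lookup(sid_active)
    absolute_result = store.lookup(sid_active)       # None

    return (replay_after_bad_logout, replay_after_good_logout,
            idle_result, absolute_result)


if __name__ == "__main__":
    print(demo())
```

The point to check in a review or test is that `lookup` returns `None` for any session ID that was logged out, idle past the limit, or older than the absolute cap; a logout handler that never touches the server-side store, as in `logout_vulnerable`, is the defect this explanation describes.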
Reference: The OWASP Top 10 is a widely recognized standard for web application security, often
referenced in cybersecurity training and certifications, including the EC-Council Certified Incident
Handler (ECIH v3) curriculum, which covers identification and mitigation of web application
vulnerabilities, including broken authentication.