Reactive Session Termination
The session management mechanism can be leveraged as a highly effective
defense against many other kinds of attack against the application. Some
security-critical applications such as online banking are extremely aggressive in
terminating a user’s session every time the user submits some anomalous
request — for example, any request containing a modified hidden HTML form
field or URL query string parameter, any request containing strings associated
with SQL injection or cross-site scripting attacks, and any user input that would
normally have been blocked by client-side checks such as length restrictions.
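As an added illustration of the reactive mechanism just described (example code written for this page, not taken from the book or from any particular application), the following Python sketch inspects each incoming request against three server-side expectations: hidden form fields must come back unchanged, fields must respect the same length limit the HTML form enforced client-side, and values must not match a small set of injection signatures. Any anomaly terminates the session and writes an audit record before the request is refused. The session store, the `FieldPolicy` record, the signature list and all sample requests are constructed for the example.

```python
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple

# Constructed detection heuristics for the kinds of input the text describes.
# They are deliberately coarse: the decision they drive is "end the session",
# not "sanitize the input", so every hit costs a legitimate user a re-login.
INJECTION_SIGNATURES = [
    ("sql-injection",
     re.compile(r"(?i)(\bunion\b\s+\bselect\b|'\s*or\s*'?\d|;\s*drop\b|--\s*$)")),
    ("cross-site-scripting",
     re.compile(r"(?i)(<script\b|javascript:|\bon\w+\s*=)")),
]


@dataclass
class FieldPolicy:
    """Server-side record of what the client was told about a field (constructed)."""
    fixed_value: Optional[str] = None   # hidden field the browser must echo back unchanged
    max_length: Optional[int] = None    # the maxlength the HTML form enforced client-side


@dataclass
class SessionStore:
    """Minimal in-memory session table standing in for a real one (constructed)."""
    active: Dict[str, str] = field(default_factory=dict)              # session id -> user
    audit: List[Tuple[str, str, str]] = field(default_factory=list)   # (sid, user, reason)

    def terminate(self, sid: str, reason: str) -> None:
        user = self.active.pop(sid, "<unknown>")
        self.audit.append((sid, user, reason))


def inspect_request(store: SessionStore, sid: str, params: Dict[str, str],
                    policies: Dict[str, FieldPolicy]) -> Tuple[bool, Optional[str]]:
    """Return (allowed, reason). On any anomaly the session is terminated first."""
    if sid not in store.active:
        return False, "no active session"

    def reject(reason: str) -> Tuple[bool, Optional[str]]:
        store.terminate(sid, reason)
        return False, reason

    for name, value in params.items():
        policy = policies.get(name)
        if policy is not None:
            if policy.fixed_value is not None and value != policy.fixed_value:
                return reject(f"hidden field '{name}' modified")
            if policy.max_length is not None and len(value) > policy.max_length:
                return reject(f"field '{name}' exceeds client-side maxlength {policy.max_length}")
        for label, pattern in INJECTION_SIGNATURES:
            if pattern.search(value):
                return reject(f"{label} signature in field '{name}'")
    return True, None


def demo() -> List[Tuple[bool, Optional[str]]]:
    """Run the constructed scenarios in order and return each decision."""
    store = SessionStore(active={"sid-1": "alice", "sid-2": "bob", "sid-3": "carol"})
    policies = {
        "account_id": FieldPolicy(fixed_value="ACC-0001"),   # hidden field
        "memo": FieldPolicy(max_length=20),                   # form had maxlength=20
    }
    return [
        inspect_request(store, "sid-1", {"account_id": "ACC-0001", "memo": "rent"}, policies),
        inspect_request(store, "sid-1", {"account_id": "ACC-0002", "memo": "rent"}, policies),
        inspect_request(store, "sid-1", {"account_id": "ACC-0001", "memo": "rent"}, policies),
        inspect_request(store, "sid-2", {"account_id": "ACC-0001", "memo": "x" * 21}, policies),
        inspect_request(store, "sid-3", {"account_id": "ACC-0001", "memo": "rent' OR '1'='1"}, policies),
    ]


if __name__ == "__main__":
    for decision in demo():
        print(decision)
```

The third scenario shows the point of the mechanism: once `sid-1` has been terminated for a tampered hidden field, an otherwise perfectly valid follow-up request on the same session is refused, so an attacker probing the application must obtain a fresh authenticated session for every anomalous request. The audit list is what an operations team would forward to monitoring, since a burst of terminations for one user or source is itself a detection signal.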
Of course, any actual vulnerabilities that may be exploited using such
requests need to be addressed at source. But forcing users to reauthenticate