From: W <kuhnen@science.ru.nl>
Date: Mon, 24 Oct 2016 11:35:29 +0000 (+0200)
Subject: work on v3
X-Git-Url: https://git.martlubbers.net/?a=commitdiff_plain;h=a96b8664d0a69c379e356c4ca606772373f5d108;p=ssproject1617.git

work on v3
---

diff --git a/report/v3_session.tex b/report/v3_session.tex
index 9e066cc..5b1f207 100644
--- a/report/v3_session.tex
+++ b/report/v3_session.tex
@@ -1,17 +1,31 @@
 \begin{enumerate}[label={3.\arabic*}]
 
     \item
-    \TODO{}
+    \pass
     Verify that there is no custom session manager, or that the custom session
     manager is resistant against all common session management attacks.
+    \begin{result}
+      The application uses the standard \PHP functionality;
+      \code{session_start()} to manage sessions.
+    \end{result}
+
 
     \item
-    \TODO{}
+    \pass
     Verify that sessions are invalidated when the user logs out.
+    \begin{result}
+      When a user logs out the application calls \code{forget()}, which destroys
+      the session.
+    \end{result}
+
 
     \item
-    \TODO{}
+    \fail
     Verify that sessions timeout after a specified period of inactivity.
+    \begin{result}
+    There is no functionality which tracks how long a user has been inactive.
+    \end{result}
+
 
   \notapplicable{
     \item