From a96b8664d0a69c379e356c4ca606772373f5d108 Mon Sep 17 00:00:00 2001 From: W Date: Mon, 24 Oct 2016 13:35:29 +0200 Subject: [PATCH] work on v3 --- report/v3_session.tex | 20 +++++++++++++++++--- 1 file changed, 17 insertions(+), 3 deletions(-) diff --git a/report/v3_session.tex b/report/v3_session.tex index 9e066cc..5b1f207 100644 --- a/report/v3_session.tex +++ b/report/v3_session.tex @@ -1,17 +1,31 @@ \begin{enumerate}[label={3.\arabic*}] \item - \TODO{} + \pass Verify that there is no custom session manager, or that the custom session manager is resistant against all common session management attacks. + \begin{result} + The application uses the standard \PHP functionality; + \code{session_start()} to manage sessions. + \end{result} + \item - \TODO{} + \pass Verify that sessions are invalidated when the user logs out. + \begin{result} + When a user logs out the application calls \code{forget()}, which destroys + the session. + \end{result} + \item - \TODO{} + \fail Verify that sessions timeout after a specified period of inactivity. + \begin{result} + There is no functionality which tracks how long a user has been inactive. + \end{result} + \notapplicable{ \item -- 2.20.1
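Review bot: The 3.2 pass result rests on the claim that `forget()` "destroys the session", but the added text does not say where `forget()` is defined or which calls it makes, so a reader cannot confirm that both the server-side session data and the session cookie are invalidated on logout; add the file reference and the calls that were observed. For the 3.3 fail, the result should state whether PHP's `session.gc_maxlifetime` setting was considered, since session garbage collection runs probabilistically and is not an enforced inactivity timeout. A short recommendation would also make that finding actionable, for example keeping a last-activity timestamp in the session and destroying the session once the limit is exceeded. In the 3.1 result, `\code{session_start()}` contains a bare underscore; the definition of `\code` is not visible here, but if it is a plain `\texttt` wrapper this will not compile and `\code{session\_start()}` is needed, and `\PHP{} functionality` would keep the space after the macro unless it already uses xspace. The enumerate list and the `\notapplicable{` group continue past the end of the hunk.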