For instance, even after a user has been validated and assigned a session ID, you should revalidate that user when he or she performs any highly sensitive actions, such as resetting passwords.
英
美
- 例如,即使在一个用户经过身份验证并分配了一个会话ID之后,在它执行一个高度敏感的动作例如修改密码时,仍然要重新验证身份。
