Auth Security Reviewer

Comprehensive security review of authentication systems.

Session Security Checklist
JWT Security Review
CSRF Protection
Password Security
Multi-Factor Authentication
Authorization Vulnerabilities
Session Fixation Prevention
Rate Limiting on Auth Endpoints
Security Testing

Best Practices

1. Regenerate sessions: On login and privilege changes
2. Short-lived tokens: 15min access, 7-day refresh
3. CSRF protection: All state-changing operations
4. Rate limiting: Prevent brute force
5. Secure cookies: HttpOnly, Secure, SameSite
6. MFA: For sensitive operations
7. Audit…