June 2017
Intermediate to advanced
338 pages
8h 28m
English
Time-based features are important in e-commerce sites and banking applications, where a workflow is timed out to prevent unattended sessions. The feature is also familiar to anyone who has used an online travel booking site or ticket exchange (for example, Fandango in the following screenshot), where the company is trying to prevent bots or squatters from occupying preferred seating and locking out other valid users. These provisions need to work, though: an issue here can allow an attacker's client to deny product or sales, hijack sessions, or otherwise exploit the trusted connection during a held-open transaction.
Time-based validation testing is something ...