During a security review of a web application, you discover that users remain logged in indefinitely. What is the BEST method to enhance security in this scenario?
Encrypt session IDs.
Use HTTP cookies with secure flags.
Require multi-factor authentication for all logins.
Implement session timeouts.