During a security review of a web application, you discover that users remain logged in indefinitely. What is the BEST method to enhance security in this scenario?
Use HTTP cookies with secure flags.
Encrypt session IDs.
Implement session timeouts.
Require multi-factor authentication for all logins.