Update 11-Testing_for_Concurrent_Sessions.md
improve the summary part and add some essential factors
0xmaximus authored Dec 4, 2023
1 parent c7952e2 commit dd65416
Showing 1 changed file with 9 additions and 2 deletions.
@@ -4,9 +4,16 @@

## Summary

Concurrent sessions are a common aspect of web applications that enable multiple simultaneous user interactions. This test case aims to verify the applications ability to handle multiple active sessions for a single user, which is crucial to ensure effective management of concurrent user sessions, particularly within sensitive areas such as admin panels containing Personally Identifiable Information (PII) data, personal user accounts, or APIs reliant on third-party services to enrich user-provided data, and to align concurrent sessions with an applications security needs.
Concurrent sessions are a common aspect of web applications that enable multiple simultaneous user interactions. This test case aims to evaluate the application's ability to handle multiple active sessions for a single user. This functionality is essential for effectively managing concurrent user sessions, particularly in sensitive areas such as admin panels containing Personally Identifiable Information (PII), personal user accounts, or APIs reliant on third-party services to enrich user-provided data. The primary objective is to ensure that concurrent sessions align with the application's security requirements.

It is important to understand the security requirements of concurrent sessions in an application to determine whether concurrent sessions are a desirable or intended feature. While allowing concurrent sessions is not inherently negative and is intentionally permitted in numerous applications, it is crucial to ensure that the application’s functionality is effectively aligned with its security measures concerning concurrent sessions. If concurrent sessions are intended, it is vital to ensure additional security controls, such as managing active sessions, terminating sessions, and potential new session notifications. Conversely, if concurrent sessions are not intended or planned within the application, it is crucial to validate existing checks for session management vulnerabilities.
Understanding the security needs for concurrent sessions in an application is key to assessing whether enabling concurrent sessions aligns with the intended features. Allowing concurrent sessions isn't inherently detrimental and is intentionally permitted in many applications. However, it is crucial to ensure that the application’s functionality is effectively aligned with its security measures concerning concurrent sessions. If concurrent sessions are intended, it is vital to ensure additional security controls, such as managing active sessions, terminating sessions, and potential new session notifications. Conversely, if concurrent sessions are not intended or planned within the application, it is crucial to validate existing checks for session management vulnerabilities.

To recognize that concurrent sessions are essential, you should consider the following factors:

- Understanding the application's nature, particularly situations where users might require simultaneous access from different locations or devices.
- Identifying critical operations, such as financial transactions that require secure access.
- Handling sensitive data like Personally Identifiable Information (PII), indicating the necessity for secure interactions.
- Distinguishing between a management panel and a standard user dashboard for normal user access.

## Test Objectives
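Review bot: the lead-in to the new bullet list ("To recognize that concurrent sessions are essential, you should consider the following factors:") states the wrong goal; the factors that follow help decide whether concurrent sessions should be permitted and which controls they need, not whether they are essential. Suggest "To decide whether concurrent sessions should be permitted, and what additional controls they require, consider the following factors:", which also matches the preceding paragraph's point that concurrent sessions may or may not be intended. The bullets themselves read as activities rather than factors, so each should name the factor and its consequence, e.g. "Whether users legitimately need simultaneous access from different locations or devices." and "Whether the session grants access to a management panel rather than a standard user dashboard."; the third item ("Handling sensitive data like Personally Identifiable Information (PII), indicating the necessity for secure interactions.") is the weakest and could be "Whether the session exposes sensitive data such as Personally Identifiable Information (PII)." Finally, "the security needs ... is key to assessing whether enabling concurrent sessions aligns with the intended features" in the rewritten second paragraph is circular; the original wording "to determine whether concurrent sessions are a desirable or intended feature" was clearer and could be kept.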

