For how long is the master key valid during a session?

The master key's validity during a session is until the session ends. This means that the master key will be active and usable for the entirety of that particular session, which provides a consistent framework for encryption or authentication processes that rely on the master key. Once the session concludes, the master key is no longer valid, which helps to ensure security by limiting the exposure of the key and necessitating a new key generation for any future sessions.

In contrast, options suggesting the master key is valid indefinitely, for a fixed period, or until keys are refreshed do not accurately reflect the nature of session-based key management, where the lifespan is tied explicitly to the duration of the active session. This security measure helps protect data integrity and access control by ensuring that keys are not used once a session has ended.