SecurityFocus

Is logoff feature necessary May 02 2006 07:41AM
test future gmail com (14 replies)

Re: Is logoff feature necessary May 03 2006 11:19AM
Alexis FitzGerald (alexis iol ie)

Re: Is logoff feature necessary May 02 2006 08:06PM
Robert Hajime Lanning (robert lanning gmail com)

Re: Is logoff feature necessary May 02 2006 04:57PM
Alexander Bolante (alexander bolante gmail com)

Re: Is logoff feature necessary May 02 2006 04:32PM
Dave Ferguson (gmdavef gmail com)

Closing the browser doesn't do anything on the server side, unless
there's some sort of ugliness with javascript going on. If a
server-side session is being created, you definitely want to have a
Logout function - and make sure it invalidates/deletes the session.
I've looked at too many apps where you logout, then use your browser's
back button, and you can start using the app again! Anyway, if there
is authentication happening (i.e., username and password inputs),
users are going to expect a Logout button and will complain or wonder
why there isn't one.

Dave Ferguson

On 2 May 2006 07:41:02 -0000, test.future (at) gmail (dot) com [email concealed]
<test.future (at) gmail (dot) com [email concealed]> wrote:
> We have a web applicaiton which do not have logoff button. The developer claims that it is unnecessary, since the session can be terminated by closing the browser. Is it correct? Thanks.
>
> ------------------------------------------------------------------------
-
> Sponsored by: Watchfire
>
> The Twelve Most Common Application-level Hack Attacks
> Hackers continue to add billions to the cost of doing business online
> despite security executives' efforts to prevent malicious attacks. This
> whitepaper identifies the most common methods of attacks that we have seen,
> and outlines a guideline for developing secure web applications.
> Download this whitepaper today!
>
> https://www.watchfire.com/securearea/whitepapers.aspx?id=701300000007t9r

> ------------------------------------------------------------------------
--
>
>

------------------------------------------------------------------------
-
Sponsored by: Watchfire

The Twelve Most Common Application-level Hack Attacks
Hackers continue to add billions to the cost of doing business online
despite security executives' efforts to prevent malicious attacks. This
whitepaper identifies the most common methods of attacks that we have seen,
and outlines a guideline for developing secure web applications.
Download this whitepaper today!

https://www.watchfire.com/securearea/whitepapers.aspx?id=701300000007t9r

------------------------------------------------------------------------
--

[ reply ]

RE: Is logoff feature necessary May 02 2006 03:42PM
M. Burnett (mb xato net)

RE: Is logoff feature necessary May 02 2006 01:07PM
wa0qmj (bugtraq jvedman com)

RE: Is logoff feature necessary May 02 2006 12:40PM
Rod Divilbiss (rod rodsdot com) (1 replies)

RE: Is logoff feature necessary May 03 2006 10:59AM
Auri Rahimzadeh (auri auri net) (2 replies)

Administrivia: Is logoff feature necessary May 03 2006 12:53PM
Andrew van der Stock (vanderaj greebo net)

RE: Is logoff feature necessary May 03 2006 12:45PM
Keith Duffin (kduffin duffin org) (1 replies)

Re: Is logoff feature necessary May 03 2006 01:30PM
Andrew van der Stock (vanderaj greebo net)

Re: Is logoff feature necessary May 02 2006 11:22AM
Michael Silk (michaelslists gmail com)

RE: Is logoff feature necessary May 02 2006 09:56AM
Deepu Thomas Philip (deepu philip paladion net)

Re: Is logoff feature necessary May 02 2006 09:47AM
ViersOnline (viers free fr)

Re: Is logoff feature necessary May 02 2006 09:32AM
Luciano Miguel Ferreira Rocha (strange nsk no-ip org)

Re: Is logoff feature necessary May 02 2006 09:24AM
Peter Conrad (conrad tivano de)

Re: Is logoff feature necessary May 02 2006 09:22AM
Daniel Persson (mailto woden gmail com)

Re: Is logoff feature necessary May 02 2006 09:14AM
Vicente Aguilera (vaguilera isecauditors com)