The purpose of logging out is to terminate your session. The settings
vary from app to app, but yes, sessions can be terminated by closing
the browser or from session inactivity after a certain number of idle
minutes have passed. But from a security standpoint, I would not say
it's unnecessary. For best practices and standard security policies,
it's usually more than just a 'nice-to-have' depending on your
business and data requirements.

For example, again, depending on your app, maybe your site license
limits you to a few simultaneous users. Logging out is important
because it will complete your session, allowing another user to access
the app. If you do not properly log out and the max number of users
are using the app, no one else will be able to use the app until your
session expires.

Cheers!

On 2 May 2006 07:41:02 -0000, test.future (at) gmail (dot) com [email concealed]
<test.future (at) gmail (dot) com [email concealed]> wrote:
> We have a web applicaiton which do not have logoff button. The developer claims that it is unnecessary, since the session can be terminated by closing the browser. Is it correct? Thanks.
>
> ------------------------------------------------------------------------
-
> Sponsored by: Watchfire
>
> The Twelve Most Common Application-level Hack Attacks
> Hackers continue to add billions to the cost of doing business online
> despite security executives' efforts to prevent malicious attacks. This
> whitepaper identifies the most common methods of attacks that we have seen,
> and outlines a guideline for developing secure web applications.
> Download this whitepaper today!
>
> https://www.watchfire.com/securearea/whitepapers.aspx?id=701300000007t9r

> ------------------------------------------------------------------------
--
>
>

--
Alexander.Bolante (at) gmail (dot) com [email concealed]
abolante.blogspot.com

------------------------------------------------------------------------
-
Sponsored by: Watchfire

The Twelve Most Common Application-level Hack Attacks
Hackers continue to add billions to the cost of doing business online
despite security executives' efforts to prevent malicious attacks. This
whitepaper identifies the most common methods of attacks that we have seen,
and outlines a guideline for developing secure web applications.
Download this whitepaper today!

https://www.watchfire.com/securearea/whitepapers.aspx?id=701300000007t9r

------------------------------------------------------------------------
--

[ reply ]