Sure, you can terminate the session by closing the browser, and many people
do this, but what happens if you don't close the browser but just move on to
another web site? It would be pretty simple to use the back button or
perhaps something like a cross-site scripting attack to pick up a session
tok...
do this, but what happens if you don't close the browser but just move on to
another web site? It would be pretty simple to use the back button or
perhaps something like a cross-site scripting attack to pick up a session
tok...
[ more ]