Nmap Security Scanner

Intro

Ref Guide

Install Guide

Download

Changelog

Book

Docs
Security Lists

Bugtraq

Basics

More
Security Tools

More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

WebApp Sec: Re: Is logoff feature necessary

Re: Is logoff feature necessary

From: Luciano Miguel Ferreira Rocha <strange_at_nsk.no-ip.org>
Date: Tue, 2 May 2006 10:32:20 +0100

On Tue, May 02, 2006 at 07:41:02AM -0000, test.future_at_gmail.com wrote:
> We have a web applicaiton which do not have logoff button. The developer claims that it is unnecessary, since the session can be terminated by closing the browser. Is it correct? Thanks.

Yes, session cookies are removed on exit. But why force people to
terminate the browser when they want to logout from that site?

-- 
lfr
0/0

application/pgp-signature attachment: stored

Received on May 03 2006

This message: [ Message body ]
Next message: Stephen de Vries: "Re: [WEB SECURITY] By default, the Verifier is disabled on .Net and Java"
Previous message: Achim Hoffmann: "Re: [WEB SECURITY] cookies a fundamental threat?"
In reply to: test.future_at_gmail.com: "Is logoff feature necessary"
Next in thread: ViersOnline: "Re: Is logoff feature necessary"

Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ] [ by messages with attachments ]