WebApp Sec mailing list archives

RE: Is logoff feature necessary

From: "Jeff Robertson" <jeff.robertson () digitalinsight com>
Date: Tue, 2 May 2006 07:58:51 -0400

Guess it depends on if you want to force the users to close their
browsers. Some people don't like doing that. (At least I don't). I keep
Firefox running at all times and just open and close tabs at will. If I
had to use an app that required me to close Firefox to log out, I'd
probably just forget to log out.

-----Original Message-----
From: test.future () gmail com [mailto:test.future () gmail com] 
Sent: Tuesday, May 02, 2006 03:41
To: webappsec () securityfocus com
Subject: Is logoff feature necessary

We have a web applicaiton which do not have logoff button. 
The developer claims that it is unnecessary, since the 
session can be terminated by closing the browser. Is it 
correct? Thanks.

--------------------------------------------------------------
-----------
Sponsored by: Watchfire

The Twelve Most Common Application-level Hack Attacks Hackers 
continue to add billions to the cost of doing business online 
despite security executives' efforts to prevent malicious 
attacks. This whitepaper identifies the most common methods 
of attacks that we have seen, and outlines a guideline for 
developing secure web applications. 
Download this whitepaper today!

https://www.watchfire.com/securearea/whitepapers.aspx?id=70130
0000007t9r
--------------------------------------------------------------
------------


-------------------------------------------------------------------------
Sponsored by: Watchfire

The Twelve Most Common Application-level Hack Attacks
Hackers continue to add billions to the cost of doing business online
despite security executives' efforts to prevent malicious attacks. This
whitepaper identifies the most common methods of attacks that we have seen,
and outlines a guideline for developing secure web applications.
Download this whitepaper today!

https://www.watchfire.com/securearea/whitepapers.aspx?id=701300000007t9r
--------------------------------------------------------------------------

Current thread:

Re: Is logoff feature necessary, (continued)
- - - Re: Is logoff feature necessary Andrew van der Stock (May 03)
- RE: Is logoff feature necessary wa0qmj (May 03)
- RE: Is logoff feature necessary M. Burnett (May 03)
- Re: Is logoff feature necessary Robert Hajime Lanning (May 03)
- Re: Is logoff feature necessary Alexander Bolante (May 03)
- Re: Is logoff feature necessary Alexis FitzGerald (May 03)
- RE: Is logoff feature necessary wa0qmj (May 03)
- RE: Is logoff feature necessary André Gil (May 03)
- RE: Is logoff feature necessary Steven Rebello (May 03)
- RE: Is logoff feature necessary King, Stuart (REHQ-LON) (May 03)
- RE: Is logoff feature necessary Jeff Robertson (May 03)
- RE: Is logoff feature necessary Popowycz, Alex (May 03)
- RE: Is logoff feature necessary Sarbjit Singh Gill (May 03)
- RE: Is logoff feature necessary Currey, Mick A (May 03)
- RE: Is logoff feature necessary Auri Rahimzadeh (May 03)
- Is logoff feature necessary intel96 (May 04)
- RE: Is logoff feature necessary Auri Rahimzadeh (May 08)
- RE: Is logoff feature necessary Matt Fisher (May 10)
  - Re: Is logoff feature necessary Michael Silk (May 11)
- RE: Is logoff feature necessary Auri Rahimzadeh (May 10)
  - RE: Is logoff feature necessary Rod Divilbiss (May 11)

(Thread continues...)