WebApp Sec mailing list archives
Re: Is logoff feature necessary
From: "Michael Silk" <michaelslists () gmail com>
Date: Thu, 11 May 2006 22:22:48 +1000
silly. what's the point? all it will allow is the session to stay open longer until that message is recieved? -- Michael On 5/10/06, Matt Fisher <mfisher () spidynamics com> wrote:
I've heard of that being done before. It makes sense. How silly an idea would it be for the browser itself to send one last "goodbye" with the sessionID to the last site visited when it's closed ? -----Original Message----- From: Auri Rahimzadeh [mailto:auri () auri net] Sent: Monday, May 08, 2006 9:06 AM To: Auri () auri net; 'Rod Divilbiss'; test.future () gmail com Cc: webappsec () securityfocus com Subject: RE: Is logoff feature necessary (sorry, this message was floating around in the rafters and never made it to the list -A) One solution I failed to mention was you can try to trap the window close event (via Javascript) and call your logout code. Many applications do this for the reasons I described earlier. Thanks again! Best, Auri Rahimzadeh Author Hacking the PSP www.hackingpsp.com ------------------------------------------------------------------------ - Sponsored by: Watchfire Methodologies & Tools for Web Application Security Assessment With the rapid rise in the number and types of security threats, web application security assessments should be considered a crucial phase in the development of any web application. What methodology should be followed? What tools can accelerate the assessment process? Download this whitepaper today! https://www.watchfire.com/securearea/whitepapers.aspx?id=701300000007t9h ------------------------------------------------------------------------ -- ------------------------------------------------------------------------- Sponsored by: Watchfire Methodologies & Tools for Web Application Security Assessment With the rapid rise in the number and types of security threats, web application security assessments should be considered a crucial phase in the development of any web application. What methodology should be followed? What tools can accelerate the assessment process? Download this whitepaper today! https://www.watchfire.com/securearea/whitepapers.aspx?id=701300000007t9h --------------------------------------------------------------------------
------------------------------------------------------------------------- Sponsored by: Watchfire Methodologies & Tools for Web Application Security Assessment With the rapid rise in the number and types of security threats, web application security assessments should be considered a crucial phase in the development of any web application. What methodology should be followed? What tools can accelerate the assessment process? Download this whitepaper today! https://www.watchfire.com/securearea/whitepapers.aspx?id=701300000007t9h --------------------------------------------------------------------------
Current thread:
- RE: Is logoff feature necessary, (continued)
- RE: Is logoff feature necessary Steven Rebello (May 03)
- RE: Is logoff feature necessary King, Stuart (REHQ-LON) (May 03)
- RE: Is logoff feature necessary Jeff Robertson (May 03)
- RE: Is logoff feature necessary Popowycz, Alex (May 03)
- RE: Is logoff feature necessary Sarbjit Singh Gill (May 03)
- RE: Is logoff feature necessary Currey, Mick A (May 03)
- RE: Is logoff feature necessary Auri Rahimzadeh (May 03)
- Is logoff feature necessary intel96 (May 04)
- RE: Is logoff feature necessary Auri Rahimzadeh (May 08)
- RE: Is logoff feature necessary Matt Fisher (May 10)
- Re: Is logoff feature necessary Michael Silk (May 11)
- RE: Is logoff feature necessary Auri Rahimzadeh (May 10)
- RE: Is logoff feature necessary Rod Divilbiss (May 11)
- RE: Is logoff feature necessary Auri Rahimzadeh (May 11)
- Re: Is logoff feature necessary Michael Silk (May 11)
- Re: Is logoff feature necessary Adam Tuliper (May 12)
- RE: Is logoff feature necessary Auri Rahimzadeh (May 12)
- RE: Is logoff feature necessary Rod Divilbiss (May 11)