|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
RE: Is logoff feature necessary
From: Auri Rahimzadeh (Auri
auri.net)
Date: Wed May 03 2006 - 09:22:57 CDT
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Keep in mind that from what I've seen simply closing ONE browser window when more than one is open doesn't automatically clear/invalidate the session. Both IE and Firefox generally keep those cookies around until ALL windows have been closed. This happens a lot in an application I'm working on now - users complain the wrong data is coming up, and they think closing that one window will fix things. Nope - they have to close all of them. It usually turns into a "well, I rebooted and it worked", when all that did was close all their windows. This would be an interesting issue should some adware/malware keep a window open off-screen, or where the user didn't see it. I'd be interested to know if there's a trick to force the cookie to be removed when you close a single window when multiple windows are open, other than using Javascript to do it.
Thanks again!
Best,
Auri Rahimzadeh
Author
Hacking the PSP
www.hackingpsp.com
---------- Original Message ----------------------------------
From: Keith Duffin <kduffinduffin.org>
Date: Wed, 3 May 2006 08:45:46 -0400 (EDT)
>What about instances where an identity framework is used, such as CA's
>Siteminder or IBM's Identity Mangament Suite? Closing the browser will
>result in the session begin invalidated - I'm not sure if that cascades to
>releasing other resources or not.
>
>On Wed, 3 May 2006, Auri Rahimzadeh wrote:
>
>> In addition, having the session state continues to reserves those resources
>> on the server. So, if there were open recordsets in memory (bad developer!),
(truncated)
-------------------------------------------------------------------------
Sponsored by: Watchfire
The Twelve Most Common Application-level Hack Attacks
Hackers continue to add billions to the cost of doing business online
despite security executives' efforts to prevent malicious attacks. This
whitepaper identifies the most common methods of attacks that we have seen,
and outlines a guideline for developing secure web applications.
Download this whitepaper today!
https://www.watchfire.com/securearea/whitepapers.aspx?id=701300000007t9r
--------------------------------------------------------------------------
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]