|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
RE: Is logoff feature necessary
From: Auri Rahimzadeh (Auri
auri.net)
Date: Wed May 10 2006 - 12:15:40 CDT
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Since there is no standardized logoff/logout mechanism defined (someone please tell me if I'm wrong!), it would be insanely difficult to assume the browser could log the user out appropriately.
Of course, that would be a great W3C group to start up... I'd join! Heck, I'd even chair it! :)
Thanks again!
Best,
Auri Rahimzadeh
Author
Hacking the PSP
www.hackingpsp.com
---------- Original Message ----------------------------------
From: "Matt Fisher" <mfisherspidynamics.com>
Date: Tue, 9 May 2006 23:14:21 -0400
>I've heard of that being done before. It makes sense.
>
>How silly an idea would it be for the browser itself to send one last
>"goodbye" with the sessionID to the last site visited when it's closed ?
>
>
>
>-----Original Message-----
>From: Auri Rahimzadeh [mailto:auriauri.net]
>Sent: Monday, May 08, 2006 9:06 AM
>To: Auriauri.net; 'Rod Divilbiss'; test.futuregmail.com
>Cc: webappsecsecurityfocus.com
>Subject: RE: Is logoff feature necessary
>
>(sorry, this message was floating around in the rafters and never made
>it to
>the list -A)
>
>One solution I failed to mention was you can try to trap the window
>close
>event (via Javascript) and call your logout code. Many applications do
>this
>for the reasons I described earlier.
>
>Thanks again!
>
>Best,
>
>Auri Rahimzadeh
>Author
>Hacking the PSP
>www.hackingpsp.com
>
>
>
>
>------------------------------------------------------------------------
>-
>Sponsored by: Watchfire
>
>Methodologies & Tools for Web Application Security Assessment
>With the rapid rise in the number and types of security threats, web
>application security assessments should be considered a crucial phase in
>
>the development of any web application. What methodology should be
>followed? What tools can accelerate the assessment process?
>Download this whitepaper today!
>
>https://www.watchfire.com/securearea/whitepapers.aspx?id=701300000007t9h
>------------------------------------------------------------------------
>--
>
>
>-------------------------------------------------------------------------
>Sponsored by: Watchfire
>
>Methodologies & Tools for Web Application Security Assessment
>With the rapid rise in the number and types of security threats, web
>application security assessments should be considered a crucial phase in
>the development of any web application. What methodology should be
>followed? What tools can accelerate the assessment process?
>Download this whitepaper today!
>
>https://www.watchfire.com/securearea/whitepapers.aspx?id=701300000007t9h
>--------------------------------------------------------------------------
>
-------------------------------------------------------------------------
Sponsored by: Watchfire
Methodologies & Tools for Web Application Security Assessment
With the rapid rise in the number and types of security threats, web
application security assessments should be considered a crucial phase in
the development of any web application. What methodology should be
followed? What tools can accelerate the assessment process?
Download this whitepaper today!
https://www.watchfire.com/securearea/whitepapers.aspx?id=701300000007t9h
--------------------------------------------------------------------------
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]