My apologies, Firefox will not maintain a session as long as ALL open
instances of the browser are closed. However, if you have multiple
instances of the browser open, even those which were opened prior to
establishing a session can recycle that session, so I stand by my assertion
that having a logoff function is very important.
Peace,
Wa0qmj
-----Original Message-----
From: wa0qmj [mailto:bugtraq@jvedman.com]
Sent: Tuesday, May 02, 2006 9:08 AM
To: 'webappsec@securityfocus.com'
Subject: RE: Is logoff feature necessary
In my experience Foxfire will recycle a session, even after shutting down
and re-opening the browser, so I would argue that a logoff function is
critical. I really dislike secure systems that don't have them as I feel
that I should be allowed the preference of deciding when I want to end my
session, and should have the security of knowing that my session has been
ended.
Peace,
wa0qmj
-----Original Message-----
From: test.future@gmail.com [mailto:test.future@gmail.com]
Sent: Tuesday, May 02, 2006 3:41 AM
To: webappsec@securityfocus.com
Subject: Is logoff feature necessary
We have a web applicaiton which do not have logoff button. The developer
claims that it is unnecessary, since the session can be terminated by
closing the browser. Is it correct? Thanks.
-------------------------------------------------------------------------
Sponsored by: Watchfire
The Twelve Most Common Application-level Hack Attacks
Hackers continue to add billions to the cost of doing business online
despite security executives' efforts to prevent malicious attacks. This
whitepaper identifies the most common methods of attacks that we have seen,
and outlines a guideline for developing secure web applications.
Download this whitepaper today!
https://www.watchfire.com/securearea/whitepapers.aspx?id=701300000007t9r
--------------------------------------------------------------------------
