RE: Is logoff feature necessary

["King, Stuart (REHQ-LON)" <Stuart.King () reedelsevier com>]

The developer is being lazy - best practice is definitely to provide log off
functionality. Here's a quote on the matter from page 132 the OWASP guide:

"All applications should have a method of logging out of the application.
This is particularly vital for applications that contain private data or
could be used for identity theft."
 

-----Original Message-----
From: test.future () gmail com [mailto:test.future () gmail com] 
Sent: 02 May 2006 08:41
To: webappsec () securityfocus com
Subject: Is logoff feature necessary

We have a web applicaiton which do not have logoff button. The developer
claims that it is unnecessary, since the session can be terminated by
closing the browser. Is it correct? Thanks.

-------------------------------------------------------------------------
Sponsored by: Watchfire

The Twelve Most Common Application-level Hack Attacks
Hackers continue to add billions to the cost of doing business online 
despite security executives' efforts to prevent malicious attacks. This 
whitepaper identifies the most common methods of attacks that we have seen, 
and outlines a guideline for developing secure web applications. 
Download this whitepaper today!

https://www.watchfire.com/securearea/whitepapers.aspx?id=701300000007t9r
--------------------------------------------------------------------------

-------------------------------------------------------------------------
Sponsored by: Watchfire

The Twelve Most Common Application-level Hack Attacks
Hackers continue to add billions to the cost of doing business online 
despite security executives' efforts to prevent malicious attacks. This 
whitepaper identifies the most common methods of attacks that we have seen, 
and outlines a guideline for developing secure web applications. 
Download this whitepaper today!

https://www.watchfire.com/securearea/whitepapers.aspx?id=701300000007t9r
--------------------------------------------------------------------------