RE: Is logoff feature necessary

[Sarbjit Singh Gill <ssgill () gilltechnologies com>]

 Logoff buttons let you actively destroy server sessions, do housekeeping
on the server and maybe even run codes on the client side. Also it is  a
user  physiological thing that they want to see a logoff button.

 /Gill

-----Original Message-----
From: test.future () gmail com [mailto:test.future () gmail com]
Sent: Tuesday, May 02, 2006 3:41 PM
To: webappsec () securityfocus com
Subject: Is logoff feature necessary

We have a web applicaiton which do not have logoff button. The developer
claims that it is unnecessary, since the session can be terminated by
closing the browser. Is it correct? Thanks.

-------------------------------------------------------------------------
Sponsored by: Watchfire

The Twelve Most Common Application-level Hack Attacks Hackers continue to
add billions to the cost of doing business online despite security
executives' efforts to prevent malicious attacks. This whitepaper identifies
the most common methods of attacks that we have seen, and outlines a
guideline for developing secure web applications. 
Download this whitepaper today!

https://www.watchfire.com/securearea/whitepapers.aspx?id=701300000007t9r
--------------------------------------------------------------------------


-------------------------------------------------------------------------
Sponsored by: Watchfire

The Twelve Most Common Application-level Hack Attacks
Hackers continue to add billions to the cost of doing business online 
despite security executives' efforts to prevent malicious attacks. This 
whitepaper identifies the most common methods of attacks that we have seen, 
and outlines a guideline for developing secure web applications. 
Download this whitepaper today!

https://www.watchfire.com/securearea/whitepapers.aspx?id=701300000007t9r
--------------------------------------------------------------------------