RE: Is logoff feature necessary

["Auri Rahimzadeh" <Auri () auri net>]

Since there is no standardized logoff/logout mechanism defined (someone please tell me if I'm wrong!), it would be 
insanely difficult to assume the browser could log the user out appropriately.

Of course, that would be a great W3C group to start up... I'd join! Heck, I'd even chair it! :)

Thanks again!

Best,

Auri Rahimzadeh
Author
Hacking the PSP
www.hackingpsp.com


---------- Original Message ----------------------------------
From: "Matt Fisher" <mfisher () spidynamics com>
Date:  Tue, 9 May 2006 23:14:21 -0400

> I've heard of that being done before.  It makes sense.  
>
> How silly an idea would it be for the browser itself to send one last
> "goodbye" with the sessionID to the last site visited when it's closed ?
>
>
>
> -----Original Message-----
> From: Auri Rahimzadeh [mailto:auri () auri net] 
> Sent: Monday, May 08, 2006 9:06 AM
> To: Auri () auri net; 'Rod Divilbiss'; test.future () gmail com
> Cc: webappsec () securityfocus com
> Subject: RE: Is logoff feature necessary
>
> (sorry, this message was floating around in the rafters and never made
> it to
> the list -A)
>
> One solution I failed to mention was you can try to trap the window
> close
> event (via Javascript) and call your logout code. Many applications do
> this
> for the reasons I described earlier.
>
> Thanks again!
>
> Best,
>
> Auri Rahimzadeh
> Author
> Hacking the PSP
> www.hackingpsp.com
>
>
>
>
> ------------------------------------------------------------------------
> -
> Sponsored by: Watchfire
>
> Methodologies & Tools for Web Application Security Assessment
> With the rapid rise in the number and types of security threats, web 
> application security assessments should be considered a crucial phase in
>
> the development of any web application. What methodology should be 
> followed? What tools can accelerate the assessment process? 
> Download this whitepaper today!
>
> https://www.watchfire.com/securearea/whitepapers.aspx?id=701300000007t9h
> ------------------------------------------------------------------------
> --
>
>
> -------------------------------------------------------------------------
> Sponsored by: Watchfire
>
> Methodologies & Tools for Web Application Security Assessment
> With the rapid rise in the number and types of security threats, web 
> application security assessments should be considered a crucial phase in 
> the development of any web application. What methodology should be 
> followed? What tools can accelerate the assessment process? 
> Download this whitepaper today!
>
> https://www.watchfire.com/securearea/whitepapers.aspx?id=701300000007t9h
> --------------------------------------------------------------------------


-------------------------------------------------------------------------
Sponsored by: Watchfire

Methodologies & Tools for Web Application Security Assessment
With the rapid rise in the number and types of security threats, web 
application security assessments should be considered a crucial phase in 
the development of any web application. What methodology should be 
followed? What tools can accelerate the assessment process? 
Download this whitepaper today!

https://www.watchfire.com/securearea/whitepapers.aspx?id=701300000007t9h
--------------------------------------------------------------------------