Self-tutoring about internet security: the tutor looks into advice he notices often.
Lately I’ve oft noticed advice like “To complete logout please close your browser.” Why is such a follow-up required after logging out?
One point I’ve seen mentioned is that sometimes a user might have several tabs at the site open, but only log out from one. I’d argue that when you log out from one tab related to that site, theoretically the logout should apply to all open tabs relating to it.
This morning, I tried logging into a site, opening several tabs from it, then logging out from only one. I tried this context on two separate sessions, with unrelated sites.
One site, once I had logged out from one of its tabs, disallowed me from any of its others: when I tried using them after logging out from one, they just refreshed to the login screen. I’d expect such a response.
The other site, though, still let me use its other tabs after logging out from one of them. I was surprised, and see that as a security weakness, since forgetting to log out from each individual tab is very easy to imagine, especially with numerous other tabs open on the browser.
I will be following up on this issue.
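The two behaviours observed above can be modelled as follows. This is an added sketch, not code from the original post or from either site tested, and it shows only one possible explanation. It assumes every tab holds the same session token; `Site`, `simulate` and the user `alice` are hypothetical names.

```python
import secrets


class Site:
    """Toy server that maps session tokens to users (in-memory, illustrative)."""

    def __init__(self, invalidate_on_logout):
        self.invalidate_on_logout = invalidate_on_logout
        self.sessions = {}

    def login(self, user):
        token = secrets.token_urlsafe(32)
        self.sessions[token] = user
        return token

    def request(self, token):
        # Every request is checked against the server-side session store.
        if token in self.sessions:
            return "200 account page"
        return "302 /login"

    def logout(self, token):
        # Hardened site: delete the server-side record, so the token is dead in every tab.
        # Weak site: nothing happens server-side; only the calling tab forgets its token.
        if self.invalidate_on_logout:
            self.sessions.pop(token, None)


def simulate(invalidate_on_logout, tab_count=3):
    """Log in, open several tabs, log out from tab 0, then use every tab."""
    site = Site(invalidate_on_logout)
    token = site.login("alice")   # constructed sample user
    tabs = [token] * tab_count    # assumption: each tab holds the same token
    site.logout(tabs[0])
    tabs[0] = None                # the tab that logged out drops its own token
    return [site.request(t) for t in tabs]


if __name__ == "__main__":
    print("server-side invalidation:", simulate(True))
    print("client-only logout:      ", simulate(False))
```

With server-side invalidation every tab is sent back to the login screen; with the client-only logout the remaining tabs keep working until the token expires or the browser discards it.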
Source: Oracle Tutoring by Jack and Diane, Campbell River, BC.