Hacker Newsnew | comments | show | ask | jobs | submit login

Delete your session cookie. Or he could add a logout button.



Deleting a session cookie is not the same as a logout button, because the session needs to be terminated server-sided as well, otherwise it is still active and anyone with access to the session ID could restore the session (until the natural session timeout occurs - which entirely depends on the server's configuration).

-----




Guidelines | FAQ | Support | API | Lists | Bookmarklet | DMCA | Y Combinator | Apply | Contact

Search: