Hacker News

Delete your session cookie. Or he could add a logout button.

Deleting a session cookie is not the same as a logout button, because the session needs to be terminated server-side as well, otherwise it is still active and anyone with access to the session ID could restore the session (until the natural session timeout occurs - which entirely depends on the server's configuration).
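
The difference described in the comment above, as an added example that is not part of the thread: a hypothetical in-memory session table in which deleting the browser's cookie leaves the server-side entry valid, while logout or the idle timeout removes it. `SessionStore`, `SESSION_TTL` and the injected clock are assumptions made for illustration.

```python
import secrets
import time

SESSION_TTL = 1800  # assumed timeout in seconds; the real value depends on server configuration


class SessionStore:
    """Hypothetical server-side session table (in memory)."""

    def __init__(self, now=time.time):
        self._sessions = {}  # session ID -> (user, expiry timestamp)
        self._now = now

    def login(self, user):
        sid = secrets.token_urlsafe(32)
        self._sessions[sid] = (user, self._now() + SESSION_TTL)
        return sid

    def lookup(self, sid):
        """Return the user for a presented session ID, or None if unknown or expired."""
        entry = self._sessions.get(sid)
        if entry is None:
            return None
        user, expires = entry
        if self._now() >= expires:
            del self._sessions[sid]  # natural session timeout
            return None
        return user

    def logout(self, sid):
        """Server-side termination: the ID stops working wherever it is held."""
        self._sessions.pop(sid, None)


def demo():
    clock = [1000.0]  # constructed clock so the timeout can be shown without waiting
    store = SessionStore(now=lambda: clock[0])

    browser = {"session": store.login("alice")}
    retained_sid = browser["session"]  # same ID held somewhere other than the browser
    del browser["session"]             # cookie deleted; the server is never told
    after_cookie_delete = store.lookup(retained_sid)

    store.logout(retained_sid)         # what a logout button has to trigger
    after_logout = store.lookup(retained_sid)

    second_sid = store.login("alice")
    clock[0] += SESSION_TTL            # no logout, only the timeout
    after_timeout = store.lookup(second_sid)
    return after_cookie_delete, after_logout, after_timeout
```

`demo()` returns `("alice", None, None)`: the retained ID still resolves after the cookie is deleted and stops resolving only after logout or expiry.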

