Hacker News new | comments | show | ask | jobs | submit login

Deleting a session cookie is not the same as a logout button, because the session needs to be terminated server-sided as well, otherwise it is still active and anyone with access to the session ID could restore the session (until the natural session timeout occurs - which entirely depends on the server's configuration).

Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact