Hacker News

Deleting a session cookie is not the same as a logout button, because the session needs to be terminated server-side as well, otherwise it is still active and anyone with access to the session ID could restore the session (until the natural session timeout occurs - which entirely depends on the server's configuration).
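
The difference described in the comment above, as an added example that is not part of the original comment: a minimal in-memory session table in which a cookie-only "logout" leaves the session ID valid on the server, while a server-side logout or the idle timeout rejects it. `SessionStore` and the helper names are hypothetical, and a real application would use its framework's session backend.

```python
import secrets
import time

class SessionStore:
    """Hypothetical in-memory server-side session table (illustration only)."""
    def __init__(self, idle_timeout=1800, clock=time.monotonic):
        self._sessions = {}              # session id -> (user, last_seen)
        self._idle_timeout = idle_timeout
        self._clock = clock

    def login(self, user):
        sid = secrets.token_urlsafe(32)  # unguessable session id
        self._sessions[sid] = (user, self._clock())
        return sid

    def authenticate(self, sid):
        """Return the user for a presented session id, or None."""
        entry = self._sessions.get(sid)
        if entry is None:
            return None
        user, last_seen = entry
        if self._clock() - last_seen > self._idle_timeout:
            del self._sessions[sid]      # natural timeout, enforced server-side
            return None
        self._sessions[sid] = (user, self._clock())
        return user

    def logout(self, sid):
        self._sessions.pop(sid, None)    # real logout: drop the server record

def cookie_only_logout(cookie_jar):
    """The client forgets the cookie; the server is never told."""
    cookie_jar.pop("session", None)

def server_side_logout(store, cookie_jar):
    """Invalidate the session on the server, then clear the client cookie."""
    store.logout(cookie_jar.get("session"))
    cookie_jar.pop("session", None)

def replay_after_logout(logout_kind):
    """Who does a retained copy of the session id authenticate as after logout?"""
    store = SessionStore()
    jar = {"session": store.login("alice")}   # constructed sample user
    retained_sid = jar["session"]             # copy held outside the browser
    if logout_kind == "cookie_only":
        cookie_only_logout(jar)
    else:
        server_side_logout(store, jar)
    return store.authenticate(retained_sid)
```
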


