choicesmade
@optonline.net
|  not logging out and closing browser?
I have a general security question that I'm really curious about. I know when you're on a secured website, you should "log out" and then click "X" so the browser closes and there is no other information left on the browser.
However, what happens if you (accidentally) just "X" out the browser without logging out from the secured site first? Does anything different happen since the browser would have been closed? Any help and input would be greatly appreciated in explaining the difference, if there is any, between "logging out" and closing the browser, or just closing the browser by itself. Thank you very much. |
|
The Snowman
Premium
join:2007-05-20
 ·Verizon Online DSL
|
***However, what happens if you (accidentally) just "X" out the browser without logging out***
Simply put..when that happens you just did not log-out of the website......eventually, the website will "time-you-out".....and you then will be loged-out, or, you can return to the website and re-login....at that point you may be advised that you are already loged-in and be offer some options.
A serious mis-leading is that many people think that by just X'ing out of a secure website the browser information disappears...this is not so....the information actually is still on your computer for those with the knowledge to recover it. Its not difficult to actually remove the information, however, it does require a few extra steps......which is an entirely "another subject"......but you could use CCleaner to clear most of the information...easily...if you are new to computers do not use the Registry Feature in CCleaner...it could possible cause harm to your computer if it deletes needed "stuff".
Hope this helps. |
|
Cudni
La Merma - Los De Aca
Premium,MVM
join:2003-12-20
Someshire
·BTOpenworld
| reply to choicesmade
if the security is properly implemented on the secure site, there would be no difference, security wise, and the the session would be terminated/logged out with browser closed requiring logging in on the next visit.
Cudni
--
"Mercifully, he hit him with the soft end of the pistol."
Help yourself so God can help you.
Microsoft MVP, 2006 - 2008 |
|
Mele20
Premium
join:2001-06-05
Hilo, HI | A banking site will usually log you out after x number of minutes whether you are in the site but inactive because you answered a phone call, etc. or you have closed the browser. |
|
bcastner
Premium,MVM
join:2002-09-25
Chevy Chase, MD
clubs: 
·Verizon Online DSL
edit:
May 5th, @10:54AM
| reply to choicesmade
Which version of IE?
For IE6, these session is closed for the active Window but not another window. For IE7 the session is closed for the active tab; but not any other tab in the active Window. For IE8 Beta the session is closed.
Then, as noted above, then there is the issue of the remote Host. For reasons of inactivity it will close the session; the actual host timing for this a custom matter. |
|
mikenolan7
Premium
join:2005-06-07
Torrance, CA
 ·Sprint Mobile Broa..
 ·RoadRunner Cable
| reply to choicesmade
At least with Firefox and Opera in Linux, it is also dependent on the browser options you have set. If you don't choose to delete all user data when you close your browser, simply reopening your browser quickly after closing it will allow someone to be logged in to your active sessions. If you choose to delete all user data when the browser is closed, you have to re-enter a password to access your accounts. |
|
quatrix
join:2005-02-11
Davie, FL
| reply to choicesmade
Contrary to some of the false information here (maybe from the same non-experts who preach against JavaScript and cookies, leave anti-virus and other stuff resident in memory, etc.) there's essentially no difference and nothing to worry about. If you want to see for yourself, log into a secure site, copy the URL, close the browser, reopen it, and try to load the URL. Unless the web site is seriously screwed up, you'll have to log in again. |
|
NetFixer
Snarl for the camera please
Premium
join:2004-06-24
Murfreesboro, TN
 ·Vonage
·Cingular Wireless
·AT&T CallVantage
·AT&T Southeast
·Comcast
| said by quatrix  :Contrary to some of the false information here (maybe from the same non-experts who preach against JavaScript and cookies, leave anti-virus and other stuff resident in memory, etc.) there's essentially no difference and nothing to worry about. If you want to see for yourself, log into a secure site, copy the URL, close the browser, reopen it, and try to load the URL. Unless the web site is seriously screwed up, you'll have to log in again. Actually there are a lot of those "seriously screwed up" web sites, including some for some very high profile high tech companies. I have closed the browser and reentered several such sites with no login required from a different computer, but the same public IP address. I would hope that eventually they would time out, but I have done this after several hours on a couple of occasions, so the time out (if any) for those sites is quite long.
--
We can never have enough of nature.
We need to witness our own limits transgressed, and some life pasturing freely where we never wander.
Test your firewall. |
|
mikenolan7
Premium
join:2005-06-07
Torrance, CA
·Sprint Mobile Broa..
·RoadRunner Cable
| reply to quatrix
While I admit to being a non-expert, I don't preach against JavaScript or cookies, and seldom use Windows, never for browsing, so I don't leave anti-virus resident in memory. I can report on the little tests I have run on my own, and it is possible to re-open a browser and enter some sites. If the site provides an identifying cookie, and it is still resident in your browser, my experience is that it is more likely to occur. |
|
EGeezer
Spring is here
Premium
join:2002-08-04
Country!
·RoadRunner Cable
·AT&T CallVantage
edit:
May 5th, @07:41PM
| reply to choicesmade
said by Mozillazine :
Disk caching saves copies of the downloaded files on the hard drive so they doesn't need to be downloaded to be redisplayed. These pages can be viewed by anyone with permission to the cache folder.
Pages transmitted with SSL encryption often contain sensitive information and caching of these pages to disk may present a privacy risk. This preference controls whether to cache to disk pages that were transmitted with SSL encryption.
Possible values and their effects
true = Cache to disk content retrieved by SSL.
false = Don't cache to disk content retrieved by SSL. (Default)
See article here .
Internet Explorer
MORE INFORMATION
When you try to open or to download an active document over SSL, you can use one the following methods to prevent permanent client-side caching. The solutions listed here only work when you try to open or to download the active document as a result of a POST request or by clicking a hyperlink on a Web page.
• Change security settings in Microsoft Internet Explorer. To do this, follow these steps:
1. On the Tools menu, click Internet Options.
2. On the Advanced tab, scroll to Security, and then click to select the Do not save encrypted pages to disk check box.
• Add a Cache-control: no-store HTTP header to the response message.
• You can also add the Cache-control: no-cache HTTP header to the response message. Currently, when you add the Cache-control: no-cache header, the download fails.
Internet Explorer must save the file to the local cache to enable the associated application to load the file. Temporary client caching of active documents has only been implemented for hyperlink or for POST request scenarios to allow the associated application to load the documents. Therefore, if you use the above methods and try to open or to download the active document directly by typing the URL of the document in the Internet Explorer Address bar, the download fails.
Link here.
EDIT - you should be all right exiting by closing the browser. Just be sure to close all instances of the browser including dialog boxes and any popup windows.
--
Mayors of New York come from nowhere and go nowhere.
Wallace Sayre (apparently, so do governors... ) |
|
Cudni
La Merma - Los De Aca
Premium,MVM
join:2003-12-20
Someshire
·BTOpenworld
| reply to quatrix
said by quatrix :Contrary to some of the false information here (maybe from the same non-experts who preach against JavaScript .... I don't know what a self confessed expert would say but my common sense tells me not to allow any script to run (Java script being just one) for any site except those that are in Trusted zone which by definition contains sites being trusted (as much as they can be but certainly more than the others) not to inflict any damage
I don't see why should anybody but myself have fun with my computer 
»Mozilla Firefox 3.0 beta 5 DoS vulnerability
Cudni
--
"Mercifully, he hit him with the soft end of the pistol."
Help yourself so God can help you.
Microsoft MVP, 2006 - 2008 |
|
jdong
Eat A Beaver, Save A Tree.
Premium
join:2002-07-09
Rochester, MI
clubs:
| reply to choicesmade
(1) Almost every security-conscious website will destroy your session on closing your browser too, but you have to be careful that you're actually closing your browser. If you just close the current window and not the entire browser, I'm not so confident all sites are well designed to destroy your session immediately
(2) Firefox SSL caching is limited by default in 2.0 to nothing, in 3.0 Firefox will cache files that contain a special header to allow caching (i.e. CSS transmitted over SSL are likely safe to cache). If you enable the about:config option explicitly, I think it will cause Firefox to cache other aspects of the pages too, which is not that great of a feature)
--
Ubuntu MOTU Developer and Forums Council |
|
Grail Knight
Who Dares Wins
Premium
join:2003-05-31
Erie, PA
·Verizon Online DSL
| reply to choicesmade
Depending on your browser if you just close out the cache & cookies will remain.
Now there are options like in Firefox to clear everything on close so no matter if you close accidentally before logging off of a site the data required to log back in will be cleared on any close.
Some banking, credit card, and general merchants will after "X" amount of inactivity log you out anyway requiring you to log back in on the next visit or even if you say walked away for your computer for "X" amount of time.
Check the options in the browser you are using and make adjustments if available to clear cache, cookies, memory upon closing.
--
"Why answer any questions when you can pull a MuMu"? - unknown |
|
OZO
Premium
join:2003-01-17
| reply to choicesmade
I think it doesn't matter.
SSL session handshake uses randomly generated data provided from both sides. If you close browser - data is gone. If you try to open another browser and connect to the same server - it will generate different data package, resulting in a different SSL session.
--
Keep it simple, it'll become complex by itself... |
|
antong
@tiaa-cref.org | reply to choicesmade
How about if I enter my login info, but when I submit the info, the page refeshes and says "the page cannot be displayed"
Did I login? Is my secure data floating in space some place? Is my page open to someone else by mistake?
thanks |
|
