We recently discovered that when you enable the "Save tabs" feature in chrome it also saves off the session.
This is an issue if you have a web application that only logs the user out when they close the browser (by localising the cookies and setting expiry to now())
This was a valid technique when you don't want to set a time expiry but you do want the user to be logged out at some point.
But now in practice if I log in close the window and re open it, I'm still logged in.
0 comments:
Post a Comment