A question for web developers

B

biff

Active Member
Joined
Apr 29, 2010
Messages
48
Reaction score
0
A question for web developers:

With online banking I know that if I close the page by clicking the x or closing the browser altogether, if I go back, I will be logged out and I would need to login again with username and password.

I recently joined a 'rewards program' and thinking I clicked the 'log out', I clicked 'checkout' by accident and closed the page.

Went back to the website (so I could set up my dads account) and then saw I was still logged in.
I did it again just to check it wasnt a one off.

Correct me if I am wrong but this is not supposed to happen is it? ie if I close the page or browser, it should log me out/terminate my cession/not remember me?
 
Sessions typically last 20 minutes, so it is reasonably common to have a site log you in and you remain logged in when you return.

Banks etc should log you out on close, but the event is not always caught.

Moral of the story: always log out.

(or use "private browsing" mode)
 
sorry should have added its a rewards program for one the banks and also it happens on chrome and ie. (if it makes a difference)
 
Basically, there are different levels of session security between the rewards site and the banking site. Typically, banking sites sessions will time out in about 5 minutes of inactivity, and technically it may be possible to close the window and reopen it within that period to regain a usable session. That assumes that you are using a tabbed browser, or have multiple windows open, and only close the one window used for your banking. This is because banking sites use transient cookies, that are stored in memory, and discarded when the browser closes. If the entire browser is not closed, the cookie can stick around, and remain usable.

The rewards site may be using persistent cookies, to retain your session even after you close the window/browser. Because the security profiles of the two sites are different (and I assume that to actually make a purchase with your loyalty points, that you would need to reauthenticate), this is not a totally unreasonable thing.
 
You must log in or register to reply here.
Back
Top
Sign up to the MyBroadband newsletter
X