Logout without closing the browser

Cantor, Scott cantor.2 at osu.edu
Thu Dec 10 10:25:31 EST 2015

On 12/10/15, 10:11 AM, "users on behalf of Youssef GHORBAL" <users-bounces at shibboleth.net on behalf of youssef.ghorbal at pasteur.fr> wrote:

>> I probably will also put in a more pointed discussion of the fact that the browser vendors could fix all this in 5 minutes. The blame, and responsibility, lies with Google, Mozilla, Apple, and Microsoft.
>You triggered my curiosity. Can you elaborate more on this?
>I wasn’t aware of this aspect of SLO.

Add a new cookie property (like HttpOnly) called Authn (ignored on older browsers). Add a button to the browser to do a logout that destroys any cookies with that property. Exclude those cookies from the session restore "features" they've implemented. Done. Wow, that was hard.

But they will never do this, because their business model is supporting (or actually being) the Internet predators whose business model is spying on users, and being logged in at all times is part of that model.

I could share with you the verbatim response I got from suggesting that change to Mozilla but it's not fit for polite company.

-- Scott
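
The cookie handling proposed in the message above, modelled as an added example (not part of the original post, and not browser or Shibboleth code). The `Authn` attribute is hypothetical, as in the message; the cookie names, `CookieJar` and its methods are constructed for illustration, and leaving persistent `Authn` cookies untouched at restart is an assumption.

```javascript
// Toy cookie jar modelling the proposal; "Authn" is a hypothetical attribute,
// no browser implements it.
function parseSetCookie(header) {
  const [pair, ...attrs] = header.split(";").map((s) => s.trim());
  const eq = pair.indexOf("=");
  if (eq < 1) return null; // no cookie name: reject
  const cookie = { name: pair.slice(0, eq), value: pair.slice(eq + 1), flags: new Set() };
  for (const a of attrs) if (a) cookie.flags.add(a.split("=")[0].toLowerCase());
  return cookie;
}

class CookieJar {
  constructor({ supportsAuthn }) {
    this.supportsAuthn = supportsAuthn;
    this.cookies = new Map();
  }
  set(header) {
    const c = parseSetCookie(header);
    if (!c) return;
    // An older browser ignores the unknown attribute and stores the cookie as usual.
    c.authn = this.supportsAuthn && c.flags.has("authn");
    c.persistent = c.flags.has("max-age") || c.flags.has("expires");
    this.cookies.set(c.name, c);
  }
  names() { return [...this.cookies.keys()].sort(); }
  // The "logout button": destroy every cookie carrying the Authn flag.
  logout() {
    for (const [n, c] of this.cookies) if (c.authn) this.cookies.delete(n);
  }
  // Browser restart: persistent cookies survive; session cookies survive only
  // when session restore is on, and never when they are flagged Authn.
  restart({ sessionRestore }) {
    for (const [n, c] of this.cookies) {
      const keep = c.persistent || (sessionRestore && !c.authn);
      if (!keep) this.cookies.delete(n);
    }
  }
}

// Constructed Set-Cookie headers (sample data, not captured traffic).
const SAMPLE = [
  "sp_session=abc123; Path=/; Secure; HttpOnly; Authn",
  "lang=en; Path=/; Max-Age=31536000",
  "cart=42; Path=/",
];
function buildJar(supportsAuthn) {
  const jar = new CookieJar({ supportsAuthn });
  SAMPLE.forEach((h) => jar.set(h));
  return jar;
}
```
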


