Logout without closing the browser

Dave Perry Dave.Perry at hull-college.ac.uk
Fri Dec 11 06:50:47 EST 2015 

What if we became unpolite company for the duration of reading it...

Dave

_________________________________________________
Dave Perry
eLearning Technologist, Hull College Group

Room L34 - Queens Gardens Library
Wilberforce Drive, Queen's Gardens, Hull, HU1 3DG
Extension 2230 / Direct Dial 01482 381930

* Need a fast reply? Try elearning at hull-college.ac.uk *

-----Original Message-----
From: users [mailto:users-bounces at shibboleth.net] On Behalf Of Cantor, Scott
Sent: 10 December 2015 15:26
To: Shib Users
Subject: Re: Logout without closing the browser

On 12/10/15, 10:11 AM, "users on behalf of Youssef  GHORBAL" <users-bounces at shibboleth.net on behalf of youssef.ghorbal at pasteur.fr> wrote:



>[…]
>
>> I probably will also put in a more pointed discussion of the fact that the browser vendors could fix all this in 5 minutes. The blame, and responsibility, lies with Google, Mozilla, Apple, and Microsoft.
>
>You triggered my curiosity. Can you elaborate more on this ?
>I wasn’t aware of this aspect of SLO.

Add a new cookie property (like HttpOnly) called Authn (ignored on older browsers). Add a button to the browser to do a logout that destroys any cookies with that property. Exclude those cookies from the session restore "features" they've implemented. Done. Wow, that was hard.

But they will never do this, because their business model is supporting (or actually being) the Internet predators whose business model is spying on users, and being logged in at all times is part of that model.

I could share with you the verbatim response I got from suggesting that change to Mozilla but it's not fit for polite company.

-- Scott

>
-- 
To unsubscribe from this list send an email to users-unsubscribe at shibboleth.net

**********************************************************************
This message is sent in confidence for the addressee
only. It may  contain confidential or sensitive
information.  The contents are not to be disclosed
to anyone other than the addressee.  Unauthorised
recipients are requested to preserve this
confidentiality and to advise us of any errors in
transmission.  Any views expressed in this message
are solely the views of the individual and do not
represent the views of the College.  Nothing in this
message should be construed as creating a contract.

Hull College Group owns the email infrastructure, including the contents.

Hull College Group is committed to sustainability, please reflect before printing this email.
**********************************************************************

TEXT

More information about the users mailing list