Terminate session if user does not accept terms&conditions

Peter Schober peter.schober at univie.ac.at
Thu Jun 10 13:42:45 UTC 2021

* Oluf Færø <ofa at klintra.fo> [2021-06-10 15:00]:
> The current behaviour may be an issue when a public computer is used
> to start a service provider initiated SAML2 login flow.

Then this has nothing to do with Terms Of Use, really.

If this is not some thought experiment but you control (or can
influence) the deployment of those public computers I'd suggest to:

* make sure the browser is configured to delete all data when closing
  (or maybe only ever start the browser in private browsing mode,
  which should achieve the same thing),

* make available some easy and obvious way (e.g. a red button
  somewhere) to exit the complete desktop session (e.g. X11,
  MS-Windows, whatever) or at least close/restart the browser,

* put a sticker or sign on the monitor that advises people to use
  the method from the previous step to "log off" once they're done,
  adding that they are responsibe for any mis-/use that happens from
  not following that simple step.


More information about the users mailing list