[ProgSoc] I am very interested in you!

Peter Dolkens peter.dolkens at ddrit.com
Wed Sep 1 00:36:52 EST 2010


With the token system, there's no need to send an explicit logout
instruction, removing the cookie, removes the token, effectively logs you
out.

Yes you should probably send back "oh hey, this session is over" for
security reasons just incase someone tries to steal the cookie, but fact is,
the second your cookie's gone, you're not logged in any more.

On Mon, Aug 30, 2010 at 6:58 PM, Noah O'Donoghue
<noah.odonoghue at gmail.com>wrote:

> On Sunday, August 29, 2010, Tomislav Bozic <tomchristmas at progsoc.org>
> >When you log out, the session is terminated (by sending an empty
> > cookie) and authentication stops.
>
> Surely you couldn't send a blank cookie or it wouldn't know who to log out?
>
> -Noah
>
> _______________________________________________
> Progsoc mailing list
> Progsoc at progsoc.org
> http://progsoc.org/cgi-bin/mailman/listinfo/progsoc
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://progsoc.org/pipermail/progsoc/attachments/20100901/7a4b81c2/attachment.html>


More information about the Progsoc mailing list