Requiring confirmation of logout is a security hole

When the user logs out, they are challenged with “Are you sure?”, and the user is NOT logged out if they ignore this challenge.

This is an obsolete practice. Business and social outlets simply log you out when you request it. I have pointed out many times that this is a security hole, since, alone among places online, BPL won’t log you out when you ask to log out, and a user used to other services will press Log Out and walk away, thinking they had logged out when they hadn’t, and the next person who uses the terminal can mess the prior person over. Just the other day I logged a person out of a public terminal at the library who had walked away leaving the “are you sure?” on the screen.

When the user clicks “Log Out”, they should simply be logged out. If they genuinely hadn’t intended to log out, they can log back in trivially.
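The difference between the two behaviours, as an added example that is not from the original post or from any real site's code: a constructed in-memory session store (all class, method and user names are hypothetical) where one logout path only opens a prompt and the other destroys the session on the first click.

```python
import secrets


class SessionStore:
    """In-memory server-side session table (constructed for this example)."""

    def __init__(self):
        self._sessions = {}           # session id -> username
        self._pending_logout = set()  # sessions currently showing the prompt

    def login(self, username):
        sid = secrets.token_urlsafe(32)
        self._sessions[sid] = username
        return sid

    def current_user(self, sid):
        return self._sessions.get(sid)

    # Behaviour described in the post: the click only opens a prompt,
    # and the session stays valid until the prompt is answered.
    def request_logout_with_confirmation(self, sid):
        if sid in self._sessions:
            self._pending_logout.add(sid)
        return "Are you sure?"

    def confirm_logout(self, sid):
        if sid in self._pending_logout:
            self._pending_logout.discard(sid)
            self._sessions.pop(sid, None)

    # Behaviour the post asks for: the click itself destroys the session.
    def logout(self, sid):
        self._pending_logout.discard(sid)
        return self._sessions.pop(sid, None) is not None


def walk_away_scenario(immediate):
    """Return who the shared terminal is still logged in as (None = nobody)."""
    store = SessionStore()
    sid = store.login("alice")  # constructed user name
    if immediate:
        store.logout(sid)
    else:
        store.request_logout_with_confirmation(sid)  # prompt shown, user leaves
    # The browser on the shared terminal still presents the same session id.
    return store.current_user(sid)


if __name__ == "__main__":
    print("confirm-first:", walk_away_scenario(immediate=False))
    print("immediate:    ", walk_away_scenario(immediate=True))
```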

This is one of many “suggestions” I have filed (multiple times) in the suggestion box, only to have it totally ignored.
