[whatwg] When closing the browser
bil at corry.biz
Fri Dec 12 13:56:31 PST 2008
Ian Hickson wrote on 12/12/2008 2:34 PM:
> If the goal is auto-logout, then what you describe wouldn't help, as it
> would have false-positives (leaving the site when another tab still has
> the site open) and false-negatives (a crash wouldn't log out the user).
Well, more thought needs to go into it. And maybe it isn't practical, I don't know.
> Why do session cookies not address this already?
They do to some extent. You can choose to make the session life shorter, increasing security but potentially logging the user out before they're ready OR you can choose to make the session life longer, decreasing security but allowing the user more time.
More information about the whatwg