Why You Should Log Out Of Some Web Sites When Finished

Every web site you use which has account and login capabilities has a log out function (if not, it is a poorly designed site) which you may or may not use. So for the purposes of this tip, I want to share why not logging out when you are done can be dangerous. Please keep in mind, this is just one possible exploitation and it depends on the way the site you are using is designed as to whether or not it is applicable. I’m going to try to keep it simple, so here goes…

Some sites like to embed what’s called a session ID into the URL when you are logged into their site. Typically you can tell because there will be a long random string of characters in your address bar. The session ID provides a medium for your browser and the site’s server to communicate back and forth. Now, if you navigate away from this site directly, the site you navigate to can capture the URL you can from (which includes your session ID) as the referring URL and record this in their log files. As a result, the new site now has your session ID information and can access the old site as you (again, depending on how the site is designed).

If you log out of the web site, this (should at least) closes your session. This is why you get a lot of notices from banking sites asking you to immediately close your browser.

Again, this is just one possible exploit and it depends entirely on how the site is designed but it does go to show you what can happen even when you are trying to be cautious online.

Free eBook!

Like what you read?

If so, please join over 28,000 people who receive our exclusive weekly newsletter and computer tips, and get FREE COPIES of 5 eBooks we created, as our gift to you for subscribing. Just enter your name and email below:

Post A Comment Using Facebook

  • PJWolf

    A good tip if you on a public PC, however this tip defies the point if your on your own PC and only you have access to your own PC.

    Because who gonna take over from your PC after you used when there no one else UNLESS you don’t trust your wife/husband/girlfriendboyfriend!!!! Then yes this tips can come into effects!

    Just my thought on this.

    • Jason Faulkner

      Actually, this applies to any PC, regardless. If your session ID is in a URL and you navigate to another site, the new site can capture your previous URL as the ‘referrer’.
      This can happen on any computer no matter how secure because it is done through the browser.

  • LuisR

    The referrer URL is only transmitted to the other site if you click on a link from the original site. If you type a URL in the address bar or if you select a site from your favorites list, the referrer is not sent to the next site. The is no referral in both cases. Only when you click on a link.

  • http://casinobonus.bloggsida.se/ Joan Aaronsen

    Thanks a lot for this heads-up. I have never thought that this could happen, but i knew the session ids was stored. Just didn’t think another site could sniff them up. We are more vulnerable than we think:(

  • Todd Hughes

    I’m grateful for the valuable info. I did not know this. I’m wanting to be more computer savvy and I believe PCMech is the place for me. Thanks!

What’s Your Preference?

Daily Alerts

Each day we send out a quick email to thousands of PCMECH readers to notify them of new posts. This email is just a short, plain email with titles and links to our latest posts. You can unsubscribe from this service at any time.

You can subscribe to it by leaving your email address in the following field and confirming your subscription when you get an email asking you to do so.

Enter your email address for
Daily Updates:

Weekly Newsletter

Running for over 6 years, the PCMECH weekly newsletter helps you keep tabs on the world of tech. Each issue includes news bits, an article, an exclusive rant as well as a download of the week. This newsletter is subscribed to by over 28,000 readers (many who also subscribe to the other option) - come join the community!

To subscribe to this weekly newsletter simply add your email address to the following field and then follow the confirmation prompts. You will be able to unsubscribe at any time.

Enter your email address for
Free Weekly Newsletter: