开发者

logout - keep or delete cookies

If on login page user specifies 'remember me for a week', which means he gets a cookie for 1 week, what is an appropriate action on logout? logout and delete his cookie with 1 week preference, or just redirect him somewhere and keep the same cookie as he 开发者_开发知识库asked before?


What is a meaningful semantic of "remember me" if "logout" cannot undo it? Usually "remember me" means that the user comes back without needing to authenticate again, so an explicit "logout" should definitely destroy the "remembered" session and require authentication again.


I think "Remember me" should not persist the cookie if its logged off. It must only remembers in case of closing and starting browser sessions.

0

上一篇:

下一篇:

精彩评论

暂无评论...
验证码 换一张
取 消

最新问答

问答排行榜