_Brain_light_Alamy.jpg?#)
![Apple Teases Spike Jonze 'Someday' Film Showcasing AirPods 4 with ANC [Video]](https://www.iclarified.com/images/news/96727/96727/96727-640.jpg)
![Apple Working on Two New Studio Display Models [Gurman]](https://www.iclarified.com/images/news/96724/96724/96724-640.jpg)
![Dummy Models Allegedly Reveal Design of iPhone 17 Lineup [Images]](https://www.iclarified.com/images/news/96725/96725/96725-640.jpg)
![New M4 MacBook Air On Sale for $949 [Deal]](https://www.iclarified.com/images/news/96721/96721/96721-640.jpg)
![Our Apple Intelligence privacy reports are empty – how about yours? [Poll]](https://i0.wp.com/9to5mac.com/wp-content/uploads/sites/6/2025/03/Our-Apple-Intelligence-privacy-reports-are-empty-%E2%80%93-how-about-yours.jpg?resize=1200%2C628&quality=82&strip=all&ssl=1)
![[The AI Show Episode 139]: The Government Knows AGI Is Coming, Superintelligence Strategy, OpenAI’s $20,000 Per Month Agents & Top 100 Gen AI Apps](https://www.marketingaiinstitute.com/hubfs/ep%20139%20cover-2.png)
![[The AI Show Episode 138]: Introducing GPT-4.5, Claude 3.7 Sonnet, Alexa+, Deep Research Now in ChatGPT Plus & How AI Is Disrupting Writing](https://www.marketingaiinstitute.com/hubfs/ep%20138%20cover.png)
![How to become a self-taught developer while supporting a family [Podcast #164]](https://cdn.hashnode.com/res/hashnode/image/upload/v1741989957776/7e938ad4-f691-4c9e-8c6b-dc26da7767e1.png?#)
![[FREE EBOOKS] ChatGPT Prompts Book – Precision Prompts, Priming, Training & AI Writing Techniques for Mortals & Five More Best Selling Titles](https://www.javacodegeeks.com/wp-content/uploads/2012/12/jcg-logo.jpg){kind=logo}
.jpg?width=1920&height=1920&fit=bounds&quality=80&format=jpg&auto=webp#)
should I expect user being signed out from web app on browser close or computer shutdown? [closed]
I am testing a web application currently under development. I delliberatelly omit to press the 'Sign out' menu button. Instead, I do one of the following actions: close the browser tab with that application close the browser shutdown/restart the PC In all 3 scenarios, when I re-enter the url of the application, I find myself already logged in. (of course, when closing a tab, I felt more natural, but after PC restart I felt intrigued to find myself still logged in) I've tested and found that other platforms exibit the same behaviour: gmail, outlook, stackoverflow, github, gitlab - all keep their users logged in even after PC restart. My main concern is security: I am worried that the user might go to a public location and sign in on a shared PC. After he leaves, somebody else inspecting the browser's history might enter the application on behalf of that user. 1. Is it acceptable that I mark this behaviour as a bug, and still demand that a browser close or a PC restart would sign out the user ? What possible alternatives do I have ? So far, I've found only one: sign out the user after an ammount of time of innactivity on the website. (actually, I also thought of a feature like 'Sign me out on from all locations', but it feels difficult to implement and I would rather ignore this option for now)
![should I expect user being signed out from web app on browser close or computer shutdown? [closed]](https://cdn.sstatic.net/Sites/softwareengineering/Img/apple-touch-icon@2.png?v=1ef7363febba)
I am testing a web application currently under development. I delliberatelly omit to press the 'Sign out' menu button. Instead, I do one of the following actions:
- close the browser tab with that application
- close the browser
- shutdown/restart the PC
In all 3 scenarios, when I re-enter the url of the application, I find myself already logged in. (of course, when closing a tab, I felt more natural, but after PC restart I felt intrigued to find myself still logged in)
I've tested and found that other platforms exibit the same behaviour: gmail, outlook, stackoverflow, github, gitlab - all keep their users logged in even after PC restart.
My main concern is security: I am worried that the user might go to a public location and sign in on a shared PC. After he leaves, somebody else inspecting the browser's history might enter the application on behalf of that user.
1. Is it acceptable that I mark this behaviour as a bug, and still demand that a browser close or a PC restart would sign out the user ?
- What possible alternatives do I have ? So far, I've found only one: sign out the user after an ammount of time of innactivity on the website. (actually, I also thought of a feature like 'Sign me out on from all locations', but it feels difficult to implement and I would rather ignore this option for now)
