_Cagkan_Sayin_Alamy.jpg?#)
![Apple Releases iOS 18.4 Beta 4 and iPadOS 18.4 Beta 4 [Download]](https://www.iclarified.com/images/news/96734/96734/96734-640.jpg)
![Apple Seeds watchOS 11.4 Beta 4 to Developers [Download]](https://www.iclarified.com/images/news/96737/96737/96737-640.jpg)
![Apple Seeds visionOS 2.4 Beta 4 With Apple Intelligence to Developers [Download]](https://www.iclarified.com/images/news/96740/96740/96740-640.jpg)
![Apple Seeds tvOS 18.4 Beta 4 to Developers [Download]](https://www.iclarified.com/images/news/96743/96743/96743-640.jpg)
_Brain_light_Alamy.jpg?#)
![[The AI Show Episode 139]: The Government Knows AGI Is Coming, Superintelligence Strategy, OpenAI’s $20,000 Per Month Agents & Top 100 Gen AI Apps](https://www.marketingaiinstitute.com/hubfs/ep%20139%20cover-2.png)
![[The AI Show Episode 138]: Introducing GPT-4.5, Claude 3.7 Sonnet, Alexa+, Deep Research Now in ChatGPT Plus & How AI Is Disrupting Writing](https://www.marketingaiinstitute.com/hubfs/ep%20138%20cover.png)
![How to become a self-taught developer while supporting a family [Podcast #164]](https://cdn.hashnode.com/res/hashnode/image/upload/v1741989957776/7e938ad4-f691-4c9e-8c6b-dc26da7767e1.png?#)
.jpg?width=1920&height=1920&fit=bounds&quality=80&format=jpg&auto=webp#){kind=tracking}
should I expect user being signed out from web app on browser close or computer shutdown? [closed]
I am testing a web application currently under development. I delliberatelly omit to press the 'Sign out' menu button. Instead, I do one of the following actions: close the browser tab with that application close the browser shutdown/restart the PC In all 3 scenarios, when I re-enter the url of the application, I find myself already logged in. (of course, when closing a tab, I felt more natural, but after PC restart I felt intrigued to find myself still logged in) I've tested and found that other platforms exibit the same behaviour: gmail, outlook, stackoverflow, github, gitlab - all keep their users logged in even after PC restart. My main concern is security: I am worried that the user might go to a public location and sign in on a shared PC. After he leaves, somebody else inspecting the browser's history might enter the application on behalf of that user. 1. Is it acceptable that I mark this behaviour as a bug, and still demand that a browser close or a PC restart would sign out the user ? What possible alternatives do I have ? So far, I've found only one: sign out the user after an ammount of time of innactivity on the website. (actually, I also thought of a feature like 'Sign me out on from all locations', but it feels difficult to implement and I would rather ignore this option for now)
![should I expect user being signed out from web app on browser close or computer shutdown? [closed]](https://cdn.sstatic.net/Sites/softwareengineering/Img/apple-touch-icon@2.png?v=1ef7363febba)
I am testing a web application currently under development. I delliberatelly omit to press the 'Sign out' menu button. Instead, I do one of the following actions:
- close the browser tab with that application
- close the browser
- shutdown/restart the PC
In all 3 scenarios, when I re-enter the url of the application, I find myself already logged in. (of course, when closing a tab, I felt more natural, but after PC restart I felt intrigued to find myself still logged in)
I've tested and found that other platforms exibit the same behaviour: gmail, outlook, stackoverflow, github, gitlab - all keep their users logged in even after PC restart.
My main concern is security: I am worried that the user might go to a public location and sign in on a shared PC. After he leaves, somebody else inspecting the browser's history might enter the application on behalf of that user.
1. Is it acceptable that I mark this behaviour as a bug, and still demand that a browser close or a PC restart would sign out the user ?
- What possible alternatives do I have ? So far, I've found only one: sign out the user after an ammount of time of innactivity on the website. (actually, I also thought of a feature like 'Sign me out on from all locations', but it feels difficult to implement and I would rather ignore this option for now)
