Nicolas Alvarez wrote:
> You mean Remove private data, Authenticated sessions?

No. Tools->Options->Privacy->Passwords.  Exactly where you'd expect it.

Authenticated sessions are SSL cookies, nothing to do with passwords.

> How do I log out of *one* website?

Tools->Options->Privacy->Passwords - remove the password for that site.

> How can a website automatically log you out after inactivity? (cookies 
> have expiration date)

With the normal HTTP login mechanism, you're logging in every time you 
fetch a page, so the question is meaningless.

If you're inactive, why does the web site need to "log you out"?  Why 
can't it just discard your session, empty your shopping cart, or 
whatever else it does when you normally "log out"?

How does the web site keep you from saving the password in Firefox for 
more than 30 minutes, forcing you to retype your user name and password 
if you're idle too long?  How does the web site keep you from leaving 
the password-protected page on your screen after too much inactivity?

BTW, cookie expiration is enforced by the browser, not the server. Try 
expiring a cookie on most cell phones. Hint: It doesn't work.

> Isn't it safer to send a cookie with a session ID back and forth than 
> sending your actual username and password on every page request?

No.  Cookies can be hijacked. MD5 message digests can't.

-- 
   Darren New / San Diego, CA, USA (PST)
     "That's pretty. Where's that?"
          "It's the Age of Channelwood."
     "We should go there on vacation some time."

Post a reply to this message