|
|
Nicolas Alvarez wrote:
> You mean Remove private data, Authenticated sessions?
No. Tools->Options->Privacy->Passwords. Exactly where you'd expect it.
Authenticated sessions are SSL cookies, nothing to do with passwords.
> How do I log out of *one* website?
Tools->Options->Privacy->Passwords - remove the password for that site.
> How can a website automatically log you out after inactivity? (cookies
> have expiration date)
With the normal HTTP login mechanism, you're logging in every time you
fetch a page, so the question is meaningless.
If you're inactive, why does the web site need to "log you out"? Why
can't it just discard your session, empty your shopping cart, or
whatever else it does when you normally "log out"?
How does the web site keep you from saving the password in Firefox for
more than 30 minutes, forcing you to retype your user name and password
if you're idle too long? How does the web site keep you from leaving
the password-protected page on your screen after too much inactivity?
BTW, cookie expiration is enforced by the browser, not the server. Try
expiring a cookie on most cell phones. Hint: It doesn't work.
> Isn't it safer to send a cookie with a session ID back and forth than
> sending your actual username and password on every page request?
No. Cookies can be hijacked. MD5 message digests can't.
--
Darren New / San Diego, CA, USA (PST)
"That's pretty. Where's that?"
"It's the Age of Channelwood."
"We should go there on vacation some time."
Post a reply to this message
|
|