If the user logged in with the "Use these credentials
for all servers" option selected, then the "logout"
button, essentially... doesn't. Well, yes, technically
it will log you out of each of the dbs you're logged in
to, but then if you select any db, it will
automatically log you back in. There is *no functional
difference* between being logged out after selecting
"use these credentials" and being logged in.
Quitting the browser actually does the right thing, but
closing the tab or window does not.
This is a security issue, for the simple reason that
the user is lead to believe they are "logged out" (and
will stay logged out), when in reality anyone who uses
that browser window has their credentials!
Please make the logout button DTRT.
Log in to post a comment.