What to Check For
What to Check ForVerify that all pages that use authentication have logout links.
Why
Placing a logout link on every page that requires authentication helps the user end the session when he is done with the site. Ending the session helps prevent hijacking.
How to Check
To verify that all pages that use authentication have logout links:
-
Identify all pages that use authentication. Make a list of all pages on your site that use authentication.
-
Verify the presence of logout links. Examine each page that uses authentication to make sure it has a logout link in a location that can be found intuitively.
How to Fix
To place a logout link on each page that uses authentication:
-
Identify all pages that use authentication. Make a list of all pages on your site that use authentication.
-
Add logout links. Add a logout link to each page that uses authentication.
