All Pages that Use Authentication Have Logout Links

Posted by Serge Truth on September 27, 2011 at 10:37 AM

Log OutWhat to Check For

Verify that all pages that use authentication have logout links.

Why

Placing a logout link on every page that requires authentication helps the user end the session when he is done with the site. Ending the session helps prevent hijacking.

How to Check

To verify that all pages that use authentication have logout links:

  1. Identify all pages that use authentication. Make a list of all pages on your site that use authentication.

  2. Verify the presence of logout links. Examine each page that uses authentication to make sure it has a logout link in a location that can be found intuitively.

How to Fix

To place a logout link on each page that uses authentication:

  1. Identify all pages that use authentication. Make a list of all pages on your site that use authentication.

  2. Add logout links. Add a logout link to each page that uses authentication.

Topics: developer guidance, application security

Serge Truth

Written by Serge Truth

Serge is a Content Lead here at Security Innovation. He is an IT and Information Security professional, certified by the Committee on National Security Systems Instruction.