Log OutWhat to Check For

Verify that all pages that use authentication have logout links.

Why

Placing a logout link on every page that requires authentication helps the user end the session when he is done with the site. Ending the session helps prevent hijacking.

How to Check

To verify that all pages that use authentication have logout links:

  1. Identify all pages that use authentication. Make a list of all pages on your site that use authentication.

  2. Verify the presence of logout links. Examine each page that uses authentication to make sure it has a logout link in a location that can be found intuitively.

How to Fix

To place a logout link on each page that uses authentication:

  1. Identify all pages that use authentication. Make a list of all pages on your site that use authentication.

  2. Add logout links. Add a logout link to each page that uses authentication.

Get the Newsletter

Every two weeks we'll send you our latest articles along with usable insights into the state of software security.

Posts by Topic