There was a session on this topic at the Apereo conference: http://lanyrd.com/2013/apereo/schwpd/
Andrew Petro suggested either 1) Changing the message to tell users to logoff from the OS or lock screen when they want to leave their seats. 2) A coronal mass ejection For your own browser, if you turn off the "restore sessions upon restart" feature, then you don't get that behavior, at least in chrome and I think FF. david > -----Original Message----- > From: Trenton D. Adams [mailto:tre...@athabascau.ca] > Sent: Monday, July 08, 2013 4:49 PM > To: cas-user@lists.jasig.org > Subject: [cas-user] closing your browser message > > For security reasons, please Log Out and Exit your web browser when you > are done accessing services that require authentication! > > > The above security message is no longer useful, and gives users a false > sense of security. Closing your browser will no longer remove the > cookie. Unfortunately, browser developers thought it useful to make > closing of the browser not constitute "end of session" anymore. I do > not know why they did this. I thought the cookie spec was very specific > about that, but it's been so long since I looked at it. > > Does anyone know of a way of making browsers honour what we all once > held dear? > > -- > Trenton D. Adams > Senior Systems Analyst/Web Software Developer > Navy Penguins at your service! > Athabasca University > (780) 675-6195 > :wq! > > -- > This communication is intended for the use of the recipient to whom it > is addressed, and may contain confidential, personal, and or privileged > information. Please contact us immediately if you are not the intended > recipient of this communication, and do not copy, distribute, or take > action relying on it. Any communications received in error, or > subsequent reply, should be deleted or destroyed. > --- > > -- > You are currently subscribed to cas-user@lists.jasig.org as: > david.oh...@emc.com > To unsubscribe, change settings or access archives, see http://www.ja- > sig.org/wiki/display/JSG/cas-user
smime.p7s
Description: S/MIME cryptographic signature