zihuaweng / software-security-banking

Banking web with vulnerabilities

CSRF - the user will be automatically logged out without notice #3

Closed eetian closed 4 years ago

eetian commented 4 years ago

After logging in, when I open another tab and enter "http://localhost:8081/logout" in the browser, the user is automatically logged out and the session is terminated. We can imagine a situation where the user accidentally clicks a malicious random page that contains a link to the above URL in the same browser; the user will then be logged out without his or her knowledge.
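As an added example (not the repository's own code), here is a framework-independent sketch of a logout handler that refuses the bare GET described above: logout must be a POST carrying the session's CSRF token and, when the browser sends one, an Origin or Referer that names the site itself. The request and session dictionaries, the `http://localhost:8081` site origin and the `handle_logout` / `logout_allowed` names are assumptions for the sketch.

```python
import hmac
import secrets
from urllib.parse import urlsplit

# Constructed model (assumption): request = {"method", "headers", "form"},
# session = {"user", "csrf_token"}. Not tied to any particular web framework.

def new_session(user="alice"):
    """Create a logged-in session carrying a random per-session CSRF token."""
    return {"user": user, "csrf_token": secrets.token_urlsafe(32)}

def same_site(url, site_origin):
    """True when scheme and host:port of url equal those of site_origin."""
    a, b = urlsplit(url), urlsplit(site_origin)
    return (a.scheme, a.netloc) == (b.scheme, b.netloc)

def logout_allowed(request, session, site_origin="http://localhost:8081"):
    """Return True only for a same-site POST that carries the session's token.

    A plain GET (the case reported in the issue) is refused, so a link or
    image on a third-party page can no longer end the user's session.
    """
    if request["method"] != "POST":
        return False
    headers = request["headers"]
    # Browsers send Origin (or at least Referer) on cross-site POSTs; if it is
    # present it must point at our own site.
    origin = headers.get("Origin") or headers.get("Referer")
    if origin and not same_site(origin, site_origin):
        return False
    token = request["form"].get("csrf_token", "")
    expected = session.get("csrf_token", "")
    # Constant-time comparison on bytes so a guess cannot be refined byte by byte.
    return bool(expected) and hmac.compare_digest(token.encode(), expected.encode())

def handle_logout(request, session):
    """Terminate the session on an allowed request; otherwise keep it and report."""
    if not logout_allowed(request, session):
        # Worth logging: a rejected logout is a cheap cross-site-request signal.
        return {"status": 403, "session": session, "note": "logout rejected; session kept"}
    return {"status": 200, "session": {}, "note": "logged out"}
```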

jgarci40 commented 4 years ago

This may be inconvenient, but it protects the user more than it puts the user at risk of an attack.

zihuaweng commented 4 years ago

@eetian Thanks for pointing it out. But I can't see how this makes the website vulnerable to attackers.

eetian commented 4 years ago

It impacts the user experience; it is not a vulnerability issue. Closed.