Is the logout button obsolete?

I must be a nerd because web site security worries keeps me awake at night. Tonight I was worried about particular web site designs that might discourage users from logging out and I was curious about how many users were actually logging out.

I checked a couple of systems that I have access to, and the numbers aren’t good. I sorted through the web server access logs and counted (using the unix wc program) the number of times that the login script was accessed verses the number of times the logout script was accessed.

The ratio of logins to logouts isn’t good. One website I checked only had logout numbers that were 2% of the login numbers. Another site did better, but the percentage only went up to 20%. This means that 4 out of 5 users aren’t logging out through a logout button.

The number of users who logout through clearing their cookies, either manually or through quitting their web browser application, is a much more difficult number to ascertain. It is also hard to gauge how may users may be the only user with access to a computer and are thus not even interested in logging out.

Websites which integrate the logout button as a critical element of their web site security plan should re-evaluate their plan.

Related posts

1. Adobe Error
2. BYU releases new web site look
3. Broadband usage grows
4. Avago’s site search
5. New type of address encoding