- aku
- |
- Exalted Legendary Member
Mourne not your comrades who must dwell / too strong to strive -
Within each steel-bound coffin of a cell, / Buried alive;
But rather mourne the apathetic throng / The cowed, and the meek -
Who see the world’s great anguish and its wrong / And dare not speak.
[group]167741|Diner|Where's the food?[/group]
Well, you're right that B.net does not require you to log back in after a crash. But you're wrong in that no other site I tested requires you to log back in, either, including mail.live.com and xbox.com. How many times have you tested this to come to your conclusions, and what process did you use?
What probably happens is that since you got off without signing out, b.net (as well as the other sites) has no reason to believe that you aren't still there. So on their side, they have a little piece of information that says "user aku is logged in, and you can validate that it's him with this code". While on our side, the restore function brings up all the information from the past session, including the sites you were on, and the cookies that say whether or not you are logged in. So when you try to access the site, your computer tells their server "hey I'm logged in, this is my code". Usually, after a period of inactivity, that code will expire, so that their server would respond by saying that that code is incorrect, and asking you to log in again. But since you were logged in just a few minutes ago, the code wouldn't have time to expire, and as far as the server knows, it's no different than if you were to leave your window open for a few minutes.
I don't think that there is any way the site could even know that you left. In fact, after some testing, I don't think even FF can prevent that from happening. A crash is not considered to be a close, so those options aren't working. The only way to truly make sure that no one has access to your sessions is to delete your cookies, or manually close firefox with the options to "clear cookies on exit" checked.
This would rarely, if ever, be a problem though. Most school, and many other public, systems require you to log into a personal account in order to use a computer. So as long as you log out properly, the next person will have no way to access your information. Many other systems that do not have personal logins still have a general login. Information is typically not saved from one session to another on those systems. If you are ever using a computer that has no loging system whatsoever, you should probably just avoid entering in any sensitive information. Such a system is not very secure. But you could minimize it by manually deleting all cookies before leaving. If the computer unexpectedly crashes, just stick around long enough to get back to FF and delete your cookies.
This is all very over-the-top though. In reality, the odds on meeting a person who has any interest in your B.net account in a computer lab are so slim that I think I'd have a better chance of getting hit my lightning. I would be much more worried about my email and bank accounts, to name only a couple things.