>>The whole thing seems to be a side effect of the UT nearly unique characteristic of not being able to log off. The logon stays alive until the browser is closed.
>
>This is session based, so, yes, as long as the browser is not closed, all instances of it, the connection will persist. Or, if someone checked the Remember me option, it will force to write the cookie on disk and will remember it when restarting the browser.
Do you know if that opens up any XSS vulnerabilities that either you, or UT users, should know about?
Regards. Al
"Violence is the last refuge of the incompetent." -- Isaac Asimov
"Never let your sense of morals prevent you from doing what is right." -- Isaac Asimov
Neither a despot, nor a doormat, be
Every app wants to be a database app when it grows up