Do you logout from websites when you’re finished using them?
Before we talk about Joomla, ask yourself how often you logout of websites after you’ve finished with them?
I would suggest that most people who have to login to a website to transact some business (e.g. buying products online, doing your banking or using discussion forums) never bother to logout. They simply close the browser tab/window when they’re done and let the server that hosts the website expire the session. Unless you’re using a device that others may have physical access to, there’s a minimal security risk by just clicking a “close this window” gadget.
As far as logging into the backed of my Joomla websites is concerned, as a general practice I logout when I’m done before I close the browser tab/window. I’m not sure why I do this but it’s just my way of operating. I’m not as thorough, though, when I’m logging into the frontend of a Joomla website.
Often, it seems, problems arise when logging in if the session wasn’t properly terminated or problems arise when logging out. We’re usually oblivious to these problems until someone else reports them. “Hey, website owner, I tried to login but I couldn’t” or “Hey, website owner, when I logged out I got an error message.”
Embarrassing, isn’t it, when someone else finds a problem that you were not aware of because you didn’t test it yourself!
I’ve been involved in many topics on The Joomla Forum™ where people discuss problems with logging in and logging out. I confess that I don’t have most of these problems but, then again, I also have to say that I don’t use the same kinds of environments used by others. For example, only a couple of days before writing this article there was a discussion on the forum about logging out using a version of PHP that I don’t use, a template that I don’t use … on a multilingual site; I don’t have any multilingual websites. I’m therefore not very useful in such situations.
However, it still leaves me with questions about whether people test the “normal activities” of logging in and logging out with new releases of Joomla. The testing instructions simply say
Test all the things you normally do on your website. Check the backend and frontend.
There’s also a checklist of items to test.
So, when it comes to testing new versions of Joomla, it’s not a case of install the new version and see if it installs OK and doesn’t fall over within five minutes. It’s a case of “Test, Test, Test” and not leave it to your users to write, “Hey, website owner, your website is full of bugs.”
This article is based on the author's previously published work posted at the Joomla forum.
Thank you Michael - your article made me think about something that has just cropped up!
To this day I always end up logging people out in the admin control panel.
The other day though, I had a message from a site user saying that they were a bit worried that there was an edit button allowing them to edit whatever they want, not just on the one article. They'd never seen it before and were more than a bit concerned.
We have never used frontend editing and although the necessary access levels are in place, we've always used the backend.
I was sure it was a simple case of logging them out from the backend myself which I did. But they later came back and said they could still see the edit button. I tried this several times to no avail.
I then remembered that a few days prior to this issue I had sent a link to a registered page for review and they had logged into it. Is this a bug, is it a server thing, what's changed recently I ask myself - it's never cropped up while we've used Joomla?
Next port of call was the Joomla forum. After a bit of digging around I spotted a thread about the "Remember Me" plugin.
From that moment I realised what was going on and added a login module to the page and asked them to logout. The issue went away and the plugin is disabled.
I learned a few things from that experience:
- Ease of use often outweighs procedure or training. To test for what people might do, not just what you want them to. An issue is not necessarily a problem. The problem is more often that we don't understand Joomla! functionality After using Joomla! for 10 plus years my knowledge of Joomla!, beyond what I do with it is actually less than it ought to be. To people that don't know, good information and a friendly reception helps engage and retain Joomla! users. Issues that are shared in forums and between colleagues become opportunities to learn, not problems.
I, like Michael, logout when finished, but also I never use remember me options and always refuse the browsers prompt to save the login details. This is perhaps more because I'm used to logging out those that haven't and checking in articles checked out by users taking the easy option to get out.
By accepting you will be accessing a service provided by a third-party external to https://magazine.joomla.org/