Home

Logout

Logout is the process of ending an authenticated session with a computer system or online service. It terminates access rights granted during a login and prevents continued use of the account from the current device.

In web applications, logout typically invalidates the server-side session by destroying session data and clearing client-side

Logout can be manual, where the user explicitly signs out, or automatic, triggered by inactivity timeouts or

Security considerations are central to logout behavior. Proper logout should revoke all active tokens and clear

Limitations exist, as some services maintain persistent sessions or remember devices. Users on shared or public

authentication
data
such
as
cookies
or
tokens.
The
user
is
usually
redirected
to
a
login
screen
or
a
public
page.
In
token-based
systems,
logout
may
involve
revoking
access
and
refresh
tokens
to
prevent
re-use.
other
security
policies.
For
services
that
use
single
sign-on,
logout
may
involve
the
identity
provider
to
terminate
access
across
linked
applications,
potentially
ending
sessions
on
multiple
platforms.
cookies
with
appropriate
attributes
(such
as
HttpOnly,
Secure,
and
SameSite).
Systems
should
address
risks
like
cross-site
request
forgery
and
session
fixation,
and
may
require
re-authentication
for
sensitive
operations.
Logging
out
from
all
devices
helps
prevent
unauthorized
use
if
a
device
is
lost
or
stolen.
devices
should
always
log
out
after
use
and
review
active
sessions
in
account
settings
to
terminate
any
remaining
sessions.
Regularly
updating
credentials
and
using
multi-factor
authentication
can
further
reduce
risk.