Logging out of websites and cookies

[spazrabbit2000]

I have what might be a silly question.

Does logging out of a website erase information stored on the site's cookie?

More specifically, I have this scenario:

I mean, let's say I visit Amazon.com or e-mail, and then log out. Then, a hacker gets into my computer. Will the hacker be able to steal information from the cookie, or will he not because I logged out before he got into my computer?

Thanks!

 

[tashi]

Hi there.

You can set your browser to delete private data upon closing.

Firefox Settings: Tools > Options > Privacy.
Or a quick way: Tools > Clear Private Data.
This will also clear passwords.

Opera Settings: Tools > Preferences > Advanced > History/Cookies.
Quick way: Tools > Delete Private Data.
Again, that option will delete passwords.

Internet Explorer: Tools > Internet Options > General > Browsing History.

Also see our cookie FAQS for this site, and So how did I get infected in the first place?

Hope that helps.

 

[spazrabbit2000]

Hmm. Yes, I do know that about cookies, and how to delete them.

What's unclear though is whether logging out of a website clears password information stored on a cookie.

I know that after logging out, the cookie file is still on my computer. But what information is left on it after you log out? Is the password on there, even if you didn't tick a "Remember me" box?

Thanks. 'Cause I really have that scenario (1st post) in mind.

 

[daemon]

There should never be a password saved in a cookie. The cookie for a "Remember me" function just contains an ID that identifies you (well, "your web browser" to be more precise) as someone who already entered the correct password in the past.

How long this information is stored depends on the web application in question and on the browser settings. A filtering proxy like Privoxy between your web browser and the web server may also alter this setting.

There is no standard for what happens when you log out of a web site. Cookies that store "Remember me" information only make sense, if they are saved for some time. Otherwise you can not be remembered.

Stefan

 

[spazrabbit2000]

Thank you for making it all clearer. It's good to know that the trojan I got was never able to grab a password from my cookies!

 

[tashi]

Hi again,

Posting the link to your topic in the malware removal forum so we have the bigger picture.

http://forums.spybot.info/showthread.php?p=165329#post165329

Best regards.

 

[md usa spybot fan]

spazrabbit2000:

Thank you for making it all clearer. It's good to know that the trojan I got was never able to grab a password from my cookies!

You missed a point:

... The cookie for a "Remember me" function just contains an ID that identifies you (well, "your web browser" to be more precise) as someone who already entered the correct password in the past. ...

In other words, with a copy of certain cookies someone could conceivably pose as you on the site that the cookie was from and enjoy almost the same level of access to that site as you have.

 

[spazrabbit2000]

Oh...hopefully that didn't happen.

Thanks for the info.