Should logging out delete ALL persistent sessions?
Hi guys not been here for a while. The forums seem to have changed massively since I last posted!
An application I am developing has one of those "remember me for 30 days" features.
When a user logs out their persistent session is currently remembered. This means when they return later they are still automatically logged in. Does this idea seem right to people? Should logging out also destory your persistent session?
The system is also designed so that a user can have multiple persistent sessions mapped to a single username. When they log out should all of the sessions on other browsers/systems be deleted too?
Thanks for the feedback.