It’s like they don’t even CARE

So, with most webmail tools, if you hit the “logoff” button the server throws your session away: no amount of URL tomfoolery will let a nefarious person reconnect to your mailbox from that browser or session without your password.

This is As It Should Be.

I’ve just noticed, however, that Outlook Web Access apparently sees it differently. When you hit the logoff link in OWA, you get this warning:

[screenshot: the OWA logoff warning page]

At this point, the URL has shifted from our base OWA URL to something that ends with “/auth/logoff.aspx?Cmd=logoff”, which gives the user the distinct idea that their session has been zapped safely. Sure, it’s probably safer to quit the browser at this point, but in this age of weeks-long uptimes for even Windows boxes, who does that?

I sure don’t. However I just had a need to log into our support mailbox, and haven’t used OWA in at least 24 hours. The minute I pointed Safari at OWA, I was looking at my inbox. No login. No challenge. No nothing.

What the fuck?
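To make the distinction in the post concrete: a logoff link can either just tell the browser to expire its cookie, or it can revoke the session on the server. The replay check below is the only way to tell the two apart from the outside, and it also covers the “came back 24 hours later” case with an idle timeout. This is an added example, not code from the original post and not OWA’s implementation; the `WebmailServer` class, its methods and the check functions are hypothetical stand-ins, and it does not model OWA’s public/private computer selection that the comments mention.

```python
"""Added example (not from the original post, not OWA's code): a toy session
store contrasting a cookie-only logoff with a server-side revoke, plus the
replay and idle-timeout checks that tell the two apart. Names are hypothetical."""

import secrets
import time
from typing import Callable, Dict, Optional, Tuple


class WebmailServer:
    """Minimal session store keyed by the opaque token carried in a cookie."""

    def __init__(self, max_idle_seconds: float = 15 * 60,
                 clock: Callable[[], float] = time.time) -> None:
        self._clock = clock
        self._max_idle = max_idle_seconds
        self._sessions: Dict[str, Tuple[str, float]] = {}  # token -> (user, last_seen)

    def login(self, username: str) -> str:
        """Issue a fresh random token; this is what Set-Cookie would carry."""
        token = secrets.token_hex(16)
        self._sessions[token] = (username, self._clock())
        return token

    def inbox(self, token: Optional[str]) -> str:
        """Simulates GET on the mailbox URL with an optional session cookie.
        Returns 'inbox:<user>' when the token is live, otherwise 'login-page'."""
        entry = self._sessions.get(token) if token else None
        if entry is None:
            return "login-page"
        user, last_seen = entry
        if self._clock() - last_seen > self._max_idle:
            self._sessions.pop(token, None)  # idle timeout: treat as logged out
            return "login-page"
        self._sessions[token] = (user, self._clock())
        return f"inbox:{user}"

    def logoff_cookie_only(self, token: str) -> str:
        """Weak pattern: the logoff page expires the cookie in the browser but
        the token stays valid server-side, so any saved copy still works."""
        return "Set-Cookie: sessionid=; Max-Age=0"

    def logoff_revoke(self, token: str) -> str:
        """Correct pattern: forget the token first, then expire the cookie too."""
        self._sessions.pop(token, None)
        return "Set-Cookie: sessionid=; Max-Age=0"


def logoff_is_effective(server: WebmailServer,
                        logoff: Callable[[str], str]) -> bool:
    """Replay check: log in, keep a copy of the cookie value, log off, then
    present the old value again. A browser whose cookie jar survives a closed
    window, or anyone who captured the cookie, replays it exactly like this."""
    token = server.login("support")
    if not server.inbox(token).startswith("inbox:"):
        raise RuntimeError("login did not produce a usable session")
    logoff(token)
    return server.inbox(token) == "login-page"


def idle_session_expires(idle_seconds: float) -> bool:
    """Even with no logoff at all, a session left idle past the limit must not
    open the inbox. Uses an injected clock so the check runs instantly."""
    now = [1_000_000.0]
    server = WebmailServer(max_idle_seconds=15 * 60, clock=lambda: now[0])
    token = server.login("support")
    now[0] += idle_seconds
    return server.inbox(token) == "login-page"


def run_checks() -> Dict[str, bool]:
    """Run both logoff variants through the replay check on one server."""
    srv = WebmailServer()
    return {
        "cookie_only_refuses_replay": logoff_is_effective(srv, srv.logoff_cookie_only),
        "revoke_refuses_replay": logoff_is_effective(srv, srv.logoff_revoke),
        "24h_idle_refused": idle_session_expires(24 * 3600),
    }


if __name__ == "__main__":
    for name, ok in run_checks().items():
        print(f"{name}: {ok}")
```

Against a real server the same check is a manual one: save the session cookie from a logged-in request, hit the logoff URL, then replay the saved cookie against the mailbox URL. If the reply is the inbox rather than a redirect to the login page, the logoff only cleared the browser side.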

6 thoughts on “It’s like they don’t even CARE”

  1. I have not seen this behavior. Have you selected that the computer is public or private at logon?

  2. They DO care, citizen-comrade-unit. Why are you being unmutual? The intrenets is a scary place with pedobears and cougars and Alaskans at every turn waiting to get in there and mess with your hard-earned data, transferring it to some Nigerian estate-executor-warlord in the Cayman Islands who will, in turn, lovingly craft it into tasty and nutritious Spam. And who doesn’t love Spam? Now in convenient single-serving packs in your local grocer’s canned-meat aisle. Mm-mmm, I loves me some Spam!

  3. There’s no opportunity for that.

    Visit OWA in Firefox. Try to log off. Close the window, but don’t quit FF. Open a new window, and point it to OWA. Bingo.

  4. Hmm.. this is not reproducible in IE. I’ll load up a VM with Firefox and see. If I can’t reproduce it with that, I’m afraid I’ll have to elevate you to tier 2 in Pakistan.

  5. Behaves appropriately for me on Firefox as well. Perhaps you got something effed server-side… it does not make sense to me that your OWA homepage does not ask for a public/private security selection.