Suggest removing logout
alexlauerman opened this issue · comments
Alex Lauerman commented
Not sure if you want a PR for this, but I suggest removing potential logout URLs. They are a lot more problematic than useful in my opinion, and don't fit this targeted list well.
logout
logout.asp
logout/
Anton Lopanitsyn commented
@alexlauerman Often in these directories there is useful information. For example:
Set-Cookie: userid=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/;
Set-Cookie: isadmin=false; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/;
If you want to go through directories with the active session, it is better to remove by yourself