Just close it
Sorry if I am being stupid (I do not have a Hotmail Account) but surely you can just shut the browser.
Unless of course they are also not timing you out so you can never log back in again :-)
Hotmail users are now unable to log out of their account if the browser they are using does not accept third party cookies. The move by Microsoft raises security concerns, particularly as PCs on corporate networks and in cybercafes and libraries are often set to reject cookies. The error screen* that greets users who try to …
If you quit the browsers then how can the web server know that you have quit? Answer: it doesn't. So anyone can subsequently access your hotmail account from any PC without even having to log in. As far as hotmail is concerned you're still logged in and further authentication is not equired to access to read or send mail.
Think about it folks.
Maybe Microsoft should read its own downloadable white paper [1] which clearly states: "Working from a public browser may pose a serious security risk if users fail to logout. It is essential for an SSL VPN to provide time outs that terminate the remote access session due to inactivity, and/or force re-authentication after a pre-defined time period thus minimizing the window of opportunity for hijacking or taking over an abandoned session."
Then maybe they can explain why they have implemented a business practice which violates their own "best practices" for minimizing security risks.
[1] http://download.microsoft.com/download/F/0/2/F0229C11-B47E-4002-A444-60207C6E11F5/SSL%20VPN%20for%20SharePoint-WP-200702.doc
I just enabled third party cookies in order to completely and finally log-out of my (unimportant) hotmail account for the last time. Ever. I then returned my setting to block third party cookies and cleared my cookie cache.
What a stupid business model: offer something free then make it so unappealing to customers with even a small degree of technical understanding that they ditch it in droves. No wonder so many people hate them.
Closing the browser window does NOT log you out ... it just closes the browser window. As RotaCyclic noted (although some correction is required), the website's database doesn't know you have logged out until IT processes that data ... which Hotmail apparently will not do until you accept third-party cookies.
RotaCyclic, other people cannot get to your Hotmail session unless they are on the same computer you were using. The "logged in" cookie or session identifier only relates to that single system ... not every other computer on Earth.
This is not much of a problem for people who know their way around their web browser. All you need to do is accept the third party cookie, finish the logout, then delete the third party cookie. A cookie is only useful (a) if it exists and (b) if it is read after it has been installed. If a website sets a cookie, but there is nothing to read after that, then all that website knows is that they set the cookie using "x" data. The cookie and its data is useless unless it remains on the system.
In the old days, I couldn't fully sign out if I was using Safari - it would sign me out of Hotmail, but not MSN at large.
Anyway, I thought the whole point of cookie-authenticated logins was that the cookie is _deleted_ at logout, not replaced by one that says "logged out".
my Hotmail was hacked 2 days ago and emails containing links to malware were sent out to all of my contacts.
I know this because the numerous invalid email addresses in my contact list caused a flood of bounces into my inbox. The sent folder contains the original emails, so they were definitely sent from hotmail, not via an open SMTP gateway.
All my systems have up to date antivirus AND malware scanners which say there is no malware on my system. I've scanned them all with antivirus from a number of reputable vendors, but nothing has turned up.
Yes, some of us still use Hotmail. And a zillion users still have Hotmail accounts, if only because of MSN Messenger. I shifted most of my email stuff to Gmail, as MS took too much time realizing that 2Mb was a laughable size for an inbox. Even when they started giving out 250Mb inboxes, it still reeked of stupidity; they restricted it to US accounts while any John Doe could open up a Yahoo or Gmail account.
By the time Hotmail started offering 2Gb inboxes, Hotmail was forgotten. If it weren't for MSN Messenger, it would already have gone dead, just like Geocities.
Anyway, cookies to log out? Stooooopid.
If you absolutely have to use Hotmail or anything else connected to MS's online offerings for something (why? Seriously, I'm curious ...), see Subj: line ... Login to Hotmail in a "private" session, do your business, log out, then go back to whatever you were doing with no trace left on your computer. Open another instance of Firefox for private browsing if you need to copy & paste between Hotmail and another web page.
[1] Look under "tools" on the menubar, if you're unaware of the option ... Follow your nose, it's pretty much self-documenting.
I created a hatemail login to reserve my name in -- ooh, 1999? -- and decided it was horrid. Then it became spam central, theft central, and they started changing it every 15 minutes.
I have been paying for webmail from mail.com since 1997, and it just works. No spam, no security problems, reasonably straightforward technical support.
Don't freeload off Redmond, lads and lasses. They don;t know what they are doing.
Large corporations always have conflicts of interests.
Microsofts here is the conflict between being an OS provider and trying to provide security and opportunities to disable 3rd party cookies, etc;
and being a service provider and media company (with bing too) where they want to take advantages or rot like 3rd party cookies.
I'm sure that hotmail doesn't suddenly need 3rd party cookies to know you've logged out, but I'm sure part of Microsoft suddenly has a need for Windows users to start accepting 3rd party cookies, and the hotmail department is being used to "make it so".
Sam
Hi Chris,
I’m the product manager for Windows Live ID. Thanks for calling this out, and I wanted to take this opportunity to outline the reason you are getting this experience. The comments above cover most of this, but here is the official word on why we write our cookies to multiple domains to:
- Give users a good experience with single sign-on, so they can be authenticated to multiple sites (e.g. MSN, Xbox Live, Windows Live, Bing) at once without having to retype their password
- To help protect user security, by separating the authentication cookies that are used for different services. If a cookie in one domain is compromised, it means that user assets in another domain won’t be compromised
During sign-in, we redirect to the right domain so that the cookies can be written in first-party context. It’s only during sign-out, where we need to clear cookies from potentially many domains that we have login.live.com clearing cookies in other domains via the invisible GIF solution (more info http://msdn.microsoft.com/en-us/library/bb676640.aspx). We are actually removing cookies in this scenario, but it’s interpreted by browsers as using third party cookies.
thx
Angus Logan
http://blogs.msdn.com/angus_logan