3.5 Shows logout link¶
Verify that all pages that require authentication have easy and visible access to logout functionality.
Levels: 1, 2, 3
General¶
Check that the application provides a logout button and that this button is present and well visible on all pages that require authentication. A logout button that is not clearly visible, or that is present only on certain pages, poses a security risk, as the user might forget to use it at the end of his/her session.
Note that for larger applications it may be difficult to test all pages, try to find different areas or application flows of the application and check each one briefly.