Is it necessary to log out of a website in an incognito window if you’re just going to close the window afterward?

security passwords login cookies private-browsing

6,359

For most sites, it doesn't matter: you lose the cookies containing your login session, so any future attempt to access the site will treat you as never logged in (usually same as logged out).

However, this is not necessarily the only thing that can happen on logout. You could be holding server-side resources locked (e.g. a record only one person may edit at a time) that will not be unlocked until either proper logout or the session times out. This can take many minutes, hours, or even days depending on the app. Another case is if your account can only be logged in in one place at a time.

Therefore, overall, it is better to log out if you can, but for most sites there won't be a difference. Banking sites usually don't care.

6,359

S. Park

Updated on September 18, 2022

Comments

S. Park over 1 year

I use online banking, typically in an incognito window. I also use other, less important accounts in incognito windows because I don't want websites to be tracking me across the Internet (tracking cookies). I've read that for security purposes, logging out of websites is not necessary if you're the only person with physical access to your computer. If I always close the incognito window, is actually logging out of the website beforehand necessary?
- Ramhound over 5 years
  
  You are aware that incognito, is simply a session that is trashed when the last tab is closed, it does not actually prevent websites from tracking you. Facebook would within an incognito session be able to track you, if you allowed Facebook's cookies, incognito is for local privacy wasn't designed to stop tracking cookies.
- confetti over 5 years
  
  What @Ramhound said is mostly correct, however some browsers have cookies off by default for incognito mode. Firefox (iirc) has only 3rd party cookies (mostly what trackers use) off by default in incognito mode. What's important is what your actual settings say, there is no general answer and "incognito mode" does, all the memes aside, not make you magically invisible to everyone while you're browsing. There won't be a history locally on your PC, but even your employer (for example) or others on the same network could still get your browsing history.
- Ramhound over 5 years
  
  @confetti - I guess my point is that nearly all of the incognito modes work the same, the history is trashed once the final tab is closed. As you point out, what your ISP or employer can or cannot do, does not change by simply using incognito. You would have to combine incognito mode with a proxy and/or VPN, disable practically all cookies, and even then you run into the problem of the VPN/Proxy now tracking your habits. Which then leads you into using TOR browser, while connected to multiple VPNs that log nothing, within a VM that is trashed at every power on. Chicken and an Egg situation
- confetti over 5 years
  
  @Ramhound It really depends on what OP is trying to achieve in the end and who OP wants to hide from. In your scenario one might still be able to recover data from the harddrive, or the RAM. To simply defeat website trackers, NoScript is a good add-on that disables javascript among some other things that trackers usually use. I'd also like to rise awareness of LSO Cookies
- S. Park over 5 years
  
  Thank you for your thoughtful responses! I have three objectives here. 1) Save a little time by just closing incognito windows instead of logging out of websites in incognito and then closing the incognito windows. 2) Not have to worry about someone else being able to log into my account after I'm done using it. 3) Reduce the information that advertising tracking cookies have about me.
- S. Park over 5 years
  
  @confetti Thank you for including the link on Flash cookies. To clarify, if I have Flash disabled on my browser, I can prevent these cookies from being installed, right?
- confetti over 5 years
  
  @S.Park Without adobe flash those cookies can't be installed (AFAIK). You should check your browser settings, I don't know about chrome but with Firefox you can control exactly how cookies are handled both in normal windows and incognito windows. The default behaviour is that upon exit of private windows the cookies will vanish. Trackers use more than just cookies to identify you, though. Take a lot at ScriptSafe for chrome, it has a LOT of "anti-fingerprinting" features.
- S. Park over 5 years
  
  @confetti Thank you very much for getting back to me. I will definitely check out Scriptsafe.
S. Park over 5 years

Thank you for your detailed and helpful response. If I am understanding you correctly, as long as I am logged into a website that allows multiple sessions to be logged in at once, I do not need to log out. So if I open Gmail in an incognito window and then close the window, I can rest assured that my "failure" to properly log out will not allow anyone else to access my account.
tvdo over 5 years

@S.Park Closing incognito would mean you are no longer logged in, so any future user of your computer cannot access that session - effectively, Chrome forgets the secret key that tells the server who you are.
tvdo over 5 years

There is a minor security security difference if someone has already stolen your session cookie before you closed Chrome - logging out destroys that session (on the server side) immediately, denying them further use. But that's vanishingly unlikely on a HTTPS site; I wouldn't worry about it.
S. Park over 5 years

Thank you for your explanation! You have been really helpful. Not having to log out of a bunch of random websites will save me a lot of time in the future.