In IT, we often hear of security through obscurity, the reliance on attackers’ lack of knowledge rather than sound design. Unfortunately, as technical work continues to be farmed out and otherwise devalued, we’re seeing a spike in security through absurdity. I can attribute it only to a lack of ownership or stake in the job. Really, it’s complicated work to do security right, and it’s probably tough to keep up the good fight if the only aspect noticed by management is a slipping ship date.

Still, I’m left scratching my head after seeing this error message. I understand security being overlooked in the design phase… and followed by inadequate testing during QA. But the fact that someone spent some time writing this very specific and well-worded error message indicates that the behavior it describes is intentional. I’ve spent the last fifteen minutes trying to think of just one sound and secure feature that could benefit from a cookie being written at logoff.








