We are currently testing a web banking system and have queried the following functionality, at the moment though development, testing and the business cannot agree with the correct approach. We have reviewed other banking sites, although some sites do use this functionality and some do not.
1. Open a web browser and log in to your internet banking site.
2. Open an additional browser (Same browser product) and go to a unrelated web site (For example www.SQAforums.com).
3. Close the browser with the internet banking site currently open.
4. Open a new browser and then close the second browser currently on the unrelated site. In the new browser navigate to the last page of the internet banking page you were on (Through your history or you navigation bar).
5. You are still logged in to the site and do not have to re-enter any security details.
We would appreciate your thoughts and opinions on this , as to whether it is an issue or not (Please bare in mind anybody using the site after point 5 can withdraw money and have full access to all customer data for that log in session)
Re: Auto log out when you have multiple browsers open
When it comes to my money... The more security the better.
If the original session is closed (i.e. the original browser is closed) then the session should be over and MUST be re-verified to bank again.
If this or any response has helped you, please reply to the thread stating that it worked so other people with a similar issue will know how you fixed your issue!