Warning: Close your browser windows after checking stats

back button can take someone into secure area

         

Macro

8:12 pm on Sep 3, 2004 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



Didn't use to be the case but now when I come out of stats, go elsewhere... I can then get back into secure area without logging in again.

Never_again

8:35 pm on Sep 3, 2004 (gmt 0)

10+ Year Member



Close your browser windows after checking stats

Great catch! Shouldn't logging out instead of closing the browser also accomplish the same thing?

Jenstar

9:33 pm on Sep 3, 2004 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



Definitely seems to be a new issue, but I am sure they are working on the fix.

I did some checking, and both clicking the logging out link and closing the browser window works to fix it in the meantime.

drbrain

10:37 pm on Sep 3, 2004 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



What are you doing checking stats on an unsecured computer?

Macro

10:47 pm on Sep 3, 2004 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



Shouldn't logging out instead of closing the browser also accomplish the same thing?

It should but it doesn't.

clicking the logging out link ... works to fix it in the meantime

It should but it doesn't.

birdstuff

2:10 am on Sep 4, 2004 (gmt 0)

10+ Year Member



Maybe there's something I'm missing, but this should be a non-issue. If others share the same PC that you use to check your stats you're just asking to get booted for "clicking your own ads". There is a strong possibility of it anyway.

If you're the only one who has access to the PC, this back button behavior shouldn't matter.

Jenstar

2:13 am on Sep 4, 2004 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



It seems to auto-logout after 30 minutes have passed. It always seemed to be much faster than that, lol. Anyone still finding the problem after more than 40 minutes has elapsed since the last account action? I am currently rechecking, but it will be another 40 minutes to know, lol.

<added>Yes, it did auto-logout when I went back.</added>

Macro

8:36 am on Sep 4, 2004 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



drbrain, birdstuff you're missing the point. I'm pointing out a new vulnerability that others may not be aware of. What makes you think I need your patronising advice on security?

birdstuff

9:09 am on Sep 4, 2004 (gmt 0)

10+ Year Member



What makes you think I need your patronising advice on security?

I wasn't offering advice on security or attempting to patronize. I'm sure your knowledge in that area far exceeds mine.

I was merely noting that anyone who checks their stats on a shared PC is putting their AdSense account at risk anyway so in the end this security hole is probably a moot point.

Macro

9:56 am on Sep 4, 2004 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



anyone who checks their stats on a shared PC is putting their AdSense account at risk anyway

No, they're not. My neighbour shares his PC with his wife and four year old son. To date he believed that logging out was safe enough and that his son couldn't log in without first typing in an email address and password - beyond the capability of his four-year old. And, to date, that was safe.

This new vulnerability means that his logging out is not enough, his son could click a couple of backspaces and then be in the "account information" screen. A lot of changes there can happen just by innocent clicking around. I've got a two year old who's quite adept with the mouse.

There may be other webmasters who work with trusted colleagues/family members and may not feel the need to be paranoid about security. I am one of them. It may well be, like in my case, that they are accustomed to "trusting" the log out facility which did use to work.

Bluepixel

10:12 am on Sep 4, 2004 (gmt 0)

10+ Year Member



The logout works here as expected. When I hit the back button, I always get redirected to the login page.

Macro

10:26 am on Sep 4, 2004 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



The logout works here as expected

That's interesting. I've just checked it in both IE and Firefox and it's still happening.

Where are you based? Any theories on why you are getting different results to Jenstar and myself?

Graham

11:06 am on Sep 4, 2004 (gmt 0)

10+ Year Member



Macro

I've just tested this, using IE and:

If I go in and check stats for example, then log out, I return to the adsense login page.

If I then hit the back button I am returned to the stats page that I have just viewed.

However, if I then, say, select Last Month's stats to view, I am returned to the login page where, once I log in, I am then returned to view Last Month's stats.

So it appears that you can click the back button and return to where you were, but can't make any changes/alterations without logging in again.

HTH

Graham

Leosghost

11:31 am on Sep 4, 2004 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member Top Contributors Of The Month



I'm not sure (cos I am not running AdSense so can't test in "real" but ..) are you sure that when you "backpage" you are not just looking at a "cache page" on your own computer and that the attempt via that page to alter data on Google's side cannot achieve anything as it would have to "reload" to alter data ..

I may be way wrong ..but this might explain why some of you see one thing and others another?
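
Added example, not part of the thread and not AdSense's own code: the Python below separates the two mechanisms the posts above are debating, a page copy redisplayed by the back button versus a session that is still valid on the server. The names `SessionStore` and `handle_stats` and the `/login` path are hypothetical; the 30-minute idle timeout is the figure reported earlier in the thread.

```python
import secrets

IDLE_TIMEOUT = 30 * 60  # seconds; the 30-minute auto-logout reported in the thread

# Headers that tell the browser not to keep a copy of an authenticated page,
# so the back button has nothing to redisplay after logout.
NO_STORE = {"Cache-Control": "no-store", "Pragma": "no-cache"}


class SessionStore:
    """Server-side session table: token -> (user, last_seen)."""

    def __init__(self):
        self._sessions = {}

    def login(self, user, now):
        token = secrets.token_urlsafe(32)
        self._sessions[token] = (user, now)
        return token

    def logout(self, token):
        # Invalidate on the server; clearing the cookie alone is not enough.
        self._sessions.pop(token, None)

    def check(self, token, now):
        entry = self._sessions.get(token)
        if entry is None:
            return None
        user, last_seen = entry
        if now - last_seen > IDLE_TIMEOUT:
            del self._sessions[token]  # idle too long: auto-logout
            return None
        self._sessions[token] = (user, now)  # sliding expiry on activity
        return user


def handle_stats(store, token, now):
    """Return (status, headers, body) for a request to a protected page."""
    user = store.check(token, now)
    if user is None:
        return 302, {"Location": "/login", **NO_STORE}, ""
    return 200, dict(NO_STORE), f"stats for {user}"
```

A back-button view that still shows the old page while any new request is redirected to login points at the browser cache; a back-button view that allows fresh requests points at a session the server never invalidated.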

Macro

12:05 pm on Sep 4, 2004 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



Leosghost, that's exactly what I thought yesterday but, as Jenstar will probably agree, you did have full access and not just to cached data.

But it seems to have a limited fix now. If instead of logging out you go to a page in your favourites... then you can still go back and see non-cached data. The fix is as per msg #3 above.

If you have two accounts, then logging into the second account does log you out of the first one automatically but you don't get logged out of the second one till you do it manually .... or close the window.

birdstuff

2:10 pm on Sep 4, 2004 (gmt 0)

10+ Year Member



No, they're not. My neighbour shares his PC with his wife and four year old son. To date he believed that logging out was safe enough and that his son couldn't log in without first typing in an email address and password - beyond the capability of his four-year old. And, to date, that was safe.

You're missing my point as my post is addressing the possibility of someone else using your PC and clicking your own ads (resulting in the dreaded email). The point is if someone else uses the same PC that you use to check your stats, there is a possibility that they'll click the AdSense ads on your site.

IMO this represents a more realistic threat to your AdSense account than someone else gaining access to the account itself.

Macro

4:41 pm on Sep 4, 2004 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



I wasn't offering advice on security or attempting to patronize

The point is if someone else uses the same PC that you use to check your stats, there is a possibility that they'll click the AdSense ads on your site

Thanks for that amazing insight into the possibility of someone clicking ads on the PC I use to check stats. Damn, and here's me thinking you were patronising me!

Graham, can you try it without actually logging out? After you've checked your stats use that same window to type in a URL and visit other sites. Then try your back button.

This is a new behaviour. I've got no problem with logging out each time I use Adsense but, for those of you who don't - it's worth noting that something has changed and you do need to log out now if you want to disable back button access to the secure area.

That's all. I'm bringing an apparent change to the notice of the community. As simple as that. Can we please keep this thread on course and resist the temptation to discuss the causes of Adsense bans?

drbrain

8:31 pm on Sep 4, 2004 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



I still don't see how this is any different from any other situation where you have viewed secured sites. How is the web server supposed to know to invalidate your session if you don't log off?

Adsense must be treated exactly like you treat your bank, since you had to provide tax information to enroll in the program.

tombola

9:02 pm on Sep 4, 2004 (gmt 0)

10+ Year Member



Adsense must be treated exactly like you treat your bank, since you had to provide tax information to enroll in the program.

I second that.
No need to blame Adsense, it is always YOUR responsibility when you visit a password protected site to take necessary precautions.

Like birdstuff said earlier, this thread is a non-issue (=wasted bandwidth).