-
shopping cart is not emptied after paying (even after closing and reopening)
-
no re-authentication required
-
access public machine and look in history if someone forgot to logout on any website
-
client side:
-
logout from everything when using public machines
-
use private browsing when using public machines
-
(don't use public machines)
-
server side:
-
establish session cookies
-
(clear shopping cart on buy)