Article ID: 2454326 - View products that this article applies to.
When a user doesn't 1) log out from outlook mail or 2) close the browser window then the next user in the same machine who re-uses the same browser session is able to access the first user’s mail. This will occur even if the first user closes out the browser tab.
Windows LIVE ID session needs to be logged out properly or the browser window with the user’s credentials needs to be closed. Failure to execute at least one of these actions will cause another user to reuse the browser window and gain access to the first user’s email.
The proper way to sign out from Outlook Live is to perform a logout on the service. To be thorough the user should close the browser window altogether to remove any remaining cookies with the user’s credentials.
A partner creating a custom mail client can also force a windows live logout of the previous user(user1) before another user (user2) logs in into the same browser session. This can be accomplished as follows:
Since user1 doesn't log out properly and doesn’t close the browser window, the session cookies still persist in the browser window allowing user2 to logon to user1’s mail in the same browser session.
Article ID: 2454326 - Last Review: October 27, 2010 - Revision: 1.0