How on Earth do I log out of my Apple Store account?

I used to be able to search diligently and finally find something on which to click, but I've come up empty-handed today.

I've quit Safari and cleared cookies and caches, all to no avail, and I couldn't log out from Firefox either.

Thanks for what will likely be an embarrassingly obvious answer.

Edit: I've just discovered that navigating away from my account , to, for instance, the Apple Store, apparently leaves me still able to access tracking and other info but also necessitates my logging back in to change settings.

Is that actually the answer, or is there a logout button somewhere?

Sorry I read your post to quickly and answered to itunes, not apple store on Safari

On the App Store menu bar Store > Sign Out

Thanks, but we're on different wavelengths, because I'm talking about the Apple Store, not the App Store.

Here's the sequence of events that leaves me stymied:

1
2
3
4
5

Steps 1 through 4 leave me at the page pictured in step 5, where there is no apparent way to log out, the only, and thoroughly intuitive, way I've found being to navigate away from the page, which leaves me unsatisfied unless I take the extra steps to navigate back to step 4 to make sure the password dialog box presents itself again.

(Without experimenting, because results will be inconsequential, I'll now guess that quitting Safari, probably perhaps even just clearing cookies and caches, will turn the trick too, but in an equally unsatisfying manner.)

As far as I can tell there is no visible way to log out from the store. I was already logged in to Apple Discussions but went to the Canadian Apple Store, logged in there to access my account, added an item to the basket, closed the tab, went elsewhere for a while, came back to the Apple Store and was still logged in. I was able to log out from just the Apple Store and clear the basket by deleting the relevant cookies – I use iCab and the cookies are sortable by "most recent".

To check out your concern, I opened the Apple Store in Safari and clicked on My Account. I was immediately taken to My Account home page apparently as if I were logged in. However, when I tried to do anything, I was immediately asked for my Apple ID password. I could not make changes, or even access account data without entering my password.

I entered my password and made a minor change to my account, then closed the Safari tab, not Safari. I then opened a new tab, went to the Apple Store and My Account. Once again it appeared to all intents and purposes that I was logged in, but whenever I tried to access personal data or change anything or place an order, I was immediately prompted for the password to my Apple ID account.

When viewed from the top level, it could appear that once you logon the Apple Store is open and your account unprotected, However, on closer examination, it appears my account is reasonably well protected with no need to Log off or delete any cookies. On the other hand, I may have to enter my password multiple times during a session. The protection is simply being applied at a lower level as you drill down into the site. This is true with Express Checkout as well.

Thanks for confirming that I'm experiencing unexpected expected behavior.

Don't you find it not just unintuitive, but annoyingly unsatisfying to not be made aware that you've been logged out of your account? (Have you ever experienced similar behavior anywhere else? I haven't.)

Edit: As has been previously noted by you and MarkG (before he deleted the body of his post), both the App Store and the iTunes Store use traditional log-out procedures. Is there any reason you can think of for the Apple Store 's procedure to be so weirdly different?

I am not sure I would call Apple's process unintuitive as much as uncommon and therefore unfamiliar. I have encountered one or two other sites that use a somewhat similar security scheme although at the moment I can't remember where. They are not sites I use often and were not remarkable enough to cause me to remember them. Although Apple's scheme is uncommon, it seems to me to be the more secure option, because there is zero need to log out. You unlock a function only long enough to perform a specific transaction and as soon as that transaction completes, everything is automatically re-locked with no action required on the part of the user.

I have to admit I too often neglect/forget logging out, leaving my session active and vulnerable until it times out on the site. Far too many sites neglect to time out or only time out after a long period of inactivity thereby dramatically increasing my window of vulnerability. With Apple's scheme of tying the authorization (password entry) to a transaction — information retrieval, purchase, etc. — the window of vulnerability is reduced to an absolute minimum. The only downside I see to Apple's scheme being the potential inconvenience of having to enter the password multiple times during a session on the site. That minor inconvenience seems to me a small price to pay for improved security, especially in today's increasingly hostile online environment.

I did some testing with a view to ascertaining the vulnerability that would come with use of a public computer. From the Account Home page, after clicking Update your Apple ID email address and password, entering my password, and accessing the page in question, I loaded a different (non-Apple) page in the same tab, then used Safari's Back button. That resulted in this dialog; when I clicked Send, I was in fact returned to the same secure page, with the confidential information displayed as before, and buttons to perform various account-related actions were fully functional.

'Fine,' I thought, 'I need to close the tab, as per Joe's scenario.' Having done so, though, I found that after opening a new tab, I was able to load the same secure page from Safari's History, and again, perform any relevant logged-in actions. I then went back to the Account home page, selected the link for the page I was experimenting with above, and was required, as per Joe's experience, to log in. But even then, I was able to load the page in question from Safari's History.

I don't think I'll be doing anything secure at apple.com from a computer other than my own.

And from the horse's mouth:

How do I sign out of the Apple Online Store?

I had not thought of the history aspect, but it make sense things would work that way. In fact it would get enormously more complicated for it to work otherwise. Now I understand my bank's insistence that you not only log out of the account, but also quite the browser after each session. That also means it would be advisable to quit your browser after any and all sessions where you log onto an account and any personal or financial data is involved.

Personally, I never use a public computer, relying instead on either my iPhone or iPad, but the way iOS devices multitask means every logon is vulnerable unless you first close and then quit the browser or other app, a somewhat cumbersome and time consuming multi-step process.

What is needed is an extension to HTML and/or JavaScript that would force the user to log out of a site any time a window is closed, a user clicks away from a logged on page, or quits the browser. Even better would be to force the browser to shut down (thereby dumping the history file and caches) when you log out.

You're right....and that's been my M.O. for quite a long time. I even go so far as to quit the browser and re-open it prior to logging into any sensitive accounts.


But not nearly as time-consuming as fixing the problems when somebody gets access to your information.

Sorry for taking so long to respond to you and the others who've contributed to this thread... I'll cover everybody in one post.

I still find it unintuitive that Apple's procedure for logging out of your account is not "fail-safe," i.e. leaving the page leaves you in the dark about where you actually stand, unless, of course, you've read Dermot Trellis's linked doc, but, on the other hand, the idea of having to search for a kBase doc to find out how to log out of your account is unintuitive in and of itself.

And as for quitting your browser, don't forget that (with Safari, anyhow) quitting does not automatically clear cache, which, I believe is a security loophole in and of itself.

it WOULD be interesting if there were some way to determine what "session cookies" / session data was being retained by the browser at the moment, destened to be thrown away when you quit your browser.

anything like that available or possible?

I wonder if it was possible with Safari 4's detailing of your cookies (as opposed to Safari 5's merely telling you that you've got cookies and thumbing its nose at you)?

Safari 5 seems to me to be a sellout to the "trackers."