An open community 
of Macintosh users,
for Macintosh users.

FineTunedMac Dashboard widget now available! Download Here

Previous Thread
Next Thread
Print Thread
Help!!!
#24831 01/25/13 10:40 AM
Joined: Aug 2009
Likes: 15
OP Online

Joined: Aug 2009
Likes: 15
How on Earth do I log out of my Apple Store account?

I used to be able to search diligently and finally find something on which to click, but I've come up empty-handed today.

I've quit Safari and cleared cookies and caches, all to no avail, and I couldn't log out from Firefox either. confused

Thanks for what will likely be an embarrassingly obvious answer.

Edit: I've just discovered that navigating away from my account , to, for instance, the Apple Store, apparently leaves me still able to access tracking and other info but also necessitates my logging back in to change settings.

Is that actually the answer, or is there a logout button somewhere?

Last edited by artie505; 01/26/13 06:40 AM. Reason: Correct bad info

The new Great Equalizer is the SEND button.

In Memory of Harv: Those who can make you believe absurdities can make you commit atrocities. ~Voltaire
Re: Help!!!
artie505 #24832 01/25/13 12:54 PM
Joined: Aug 2009
Offline

Joined: Aug 2009
Sorry I read your post to quickly and answered to itunes, not apple store on Safari

Last edited by MarkG; 01/26/13 02:45 AM.
Re: Help!!!
artie505 #24836 01/26/13 04:39 AM
Joined: Aug 2009
Likes: 16
Moderator
Offline
Moderator

Joined: Aug 2009
Likes: 16
On the App Store menu bar Store > Sign Out


If we knew what it was we were doing, it wouldn't be called research, would it?

— Albert Einstein
Re: Help!!!
joemikeb #24837 01/26/13 06:53 AM
Joined: Aug 2009
Likes: 15
OP Online

Joined: Aug 2009
Likes: 15
Thanks, but we're on different wavelengths, because I'm talking about the Apple Store, not the App Store.

Here's the sequence of events that leaves me stymied:

1
2
3
4
5

Steps 1 through 4 leave me at the page pictured in step 5, where there is no apparent way to log out, the only, and thoroughly intuitive, way I've found being to navigate away from the page, which leaves me unsatisfied unless I take the extra steps to navigate back to step 4 to make sure the password dialog box presents itself again.

(Without experimenting, because results will be inconsequential, I'll now guess that quitting Safari, probably perhaps even just clearing cookies and caches, will turn the trick too, but in an equally unsatisfying manner.)

Last edited by artie505; 01/26/13 11:03 AM. Reason: Annotate linked screenshots

The new Great Equalizer is the SEND button.

In Memory of Harv: Those who can make you believe absurdities can make you commit atrocities. ~Voltaire
Re: Help!!!
artie505 #24839 01/26/13 12:37 PM
Joined: Sep 2009
Offline

Joined: Sep 2009
As far as I can tell there is no visible way to log out from the store. I was already logged in to Apple Discussions but went to the Canadian Apple Store, logged in there to access my account, added an item to the basket, closed the tab, went elsewhere for a while, came back to the Apple Store and was still logged in. I was able to log out from just the Apple Store and clear the basket by deleting the relevant cookies – I use iCab and the cookies are sortable by "most recent".

Re: Help!!!
Dermot Trellis #24840 01/26/13 09:34 PM
Joined: Aug 2009
Likes: 16
Moderator
Offline
Moderator

Joined: Aug 2009
Likes: 16
To check out your concern, I opened the Apple Store in Safari and clicked on My Account. I was immediately taken to My Account home page apparently as if I were logged in. However, when I tried to do anything, I was immediately asked for my Apple ID password. I could not make changes, or even access account data without entering my password.

I entered my password and made a minor change to my account, then closed the Safari tab, not Safari. I then opened a new tab, went to the Apple Store and My Account. Once again it appeared to all intents and purposes that I was logged in, but whenever I tried to access personal data or change anything or place an order, I was immediately prompted for the password to my Apple ID account.

When viewed from the top level, it could appear that once you logon the Apple Store is open and your account unprotected, However, on closer examination, it appears my account is reasonably well protected with no need to Log off or delete any cookies. On the other hand, I may have to enter my password multiple times during a session. The protection is simply being applied at a lower level as you drill down into the site. This is true with Express Checkout as well.


If we knew what it was we were doing, it wouldn't be called research, would it?

— Albert Einstein
Re: Help!!!
joemikeb #24843 01/27/13 06:29 AM
Joined: Aug 2009
Likes: 15
OP Online

Joined: Aug 2009
Likes: 15
Thanks for confirming that I'm experiencing unexpected expected behavior.

Don't you find it not just unintuitive, but annoyingly unsatisfying to not be made aware that you've been logged out of your account? (Have you ever experienced similar behavior anywhere else? I haven't.)

Edit: As has been previously noted by you and MarkG (before he deleted the body of his post), both the App Store and the iTunes Store use traditional log-out procedures. Is there any reason you can think of for the Apple Store 's procedure to be so weirdly different?

Last edited by artie505; 01/27/13 10:36 AM.

The new Great Equalizer is the SEND button.

In Memory of Harv: Those who can make you believe absurdities can make you commit atrocities. ~Voltaire
Re: Help!!!
artie505 #24845 01/27/13 09:47 PM
Joined: Aug 2009
Likes: 16
Moderator
Offline
Moderator

Joined: Aug 2009
Likes: 16
I am not sure I would call Apple's process unintuitive as much as uncommon and therefore unfamiliar. I have encountered one or two other sites that use a somewhat similar security scheme although at the moment I can't remember where. They are not sites I use often and were not remarkable enough to cause me to remember them. Although Apple's scheme is uncommon, it seems to me to be the more secure option, because there is zero need to log out. You unlock a function only long enough to perform a specific transaction and as soon as that transaction completes, everything is automatically re-locked with no action required on the part of the user.

I have to admit I too often neglect/forget logging out, leaving my session active and vulnerable until it times out on the site. Far too many sites neglect to time out or only time out after a long period of inactivity thereby dramatically increasing my window of vulnerability. With Apple's scheme of tying the authorization (password entry) to a transaction — information retrieval, purchase, etc. — the window of vulnerability is reduced to an absolute minimum. The only downside I see to Apple's scheme being the potential inconvenience of having to enter the password multiple times during a session on the site. That minor inconvenience seems to me a small price to pay for improved security, especially in today's increasingly hostile online environment.


If we knew what it was we were doing, it wouldn't be called research, would it?

— Albert Einstein
Re: Help!!!
joemikeb #24846 01/28/13 01:38 AM
Joined: Aug 2009
Likes: 3
Moderator
Offline
Moderator

Joined: Aug 2009
Likes: 3

Quote:
I entered my password and made a minor change to my account, then closed the Safari tab, not Safari. I then opened a new tab, went to the Apple Store and My Account.

I did some testing with a view to ascertaining the vulnerability that would come with use of a public computer. From the Account Home page, after clicking Update your Apple ID email address and password, entering my password, and accessing the page in question, I loaded a different (non-Apple) page in the same tab, then used Safari's Back button. That resulted in this dialog; when I clicked Send, I was in fact returned to the same secure page, with the confidential information displayed as before, and buttons to perform various account-related actions were fully functional.

'Fine,' I thought, 'I need to close the tab, as per Joe's scenario.' Having done so, though, I found that after opening a new tab, I was able to load the same secure page from Safari's History, and again, perform any relevant logged-in actions. I then went back to the Account home page, selected the link for the page I was experimenting with above, and was required, as per Joe's experience, to log in. But even then, I was able to load the page in question from Safari's History.

I don't think I'll be doing anything secure at apple.com from a computer other than my own. shocked



dkmarsh—member, FineTunedMac Co-op Board of Directors
Re: Help!!!
dkmarsh #24847 01/28/13 01:42 PM
Joined: Sep 2009
Offline

Joined: Sep 2009

Re: Help!!!
dkmarsh #24848 01/28/13 04:35 PM
Joined: Aug 2009
Likes: 16
Moderator
Offline
Moderator

Joined: Aug 2009
Likes: 16
I had not thought of the history aspect, but it make sense things would work that way. In fact it would get enormously more complicated for it to work otherwise. Now I understand my bank's insistence that you not only log out of the account, but also quite the browser after each session. That also means it would be advisable to quit your browser after any and all sessions where you log onto an account and any personal or financial data is involved.

Personally, I never use a public computer, relying instead on either my iPhone or iPad, but the way iOS devices multitask means every logon is vulnerable unless you first close and then quit the browser or other app, a somewhat cumbersome and time consuming multi-step process.

What is needed is an extension to HTML and/or JavaScript that would force the user to log out of a site any time a window is closed, a user clicks away from a logged on page, or quits the browser. Even better would be to force the browser to shut down (thereby dumping the history file and caches) when you log out.


If we knew what it was we were doing, it wouldn't be called research, would it?

— Albert Einstein
Re: Help!!!
joemikeb #24849 01/30/13 12:29 AM
Joined: Aug 2009
Likes: 14
Offline

Joined: Aug 2009
Likes: 14
Originally Posted By: joemikeb
That also means it would be advisable to quit your browser after any and all sessions where you log onto an account and any personal or financial data is involved.

You're right....and that's been my M.O. for quite a long time. I even go so far as to quit the browser and re-open it prior to logging into any sensitive accounts.

Originally Posted By: joemikeb
....every logon is vulnerable unless you first close and then quit the browser or other app, a somewhat cumbersome and time consuming multi-step process.

But not nearly as time-consuming as fixing the problems when somebody gets access to your information.

Last edited by ryck; 01/30/13 12:32 AM.

ryck

"What Were Once Vices Are Now Habits" The Doobie Brothers

iMac (Retina 5K, 27", 2020), 3.8 GHz 8 Core Intel Core i7, 8GB RAM, 2667 MHz DDR4
OS Ventura 13.6.3
Canon Pixma TR 8520 Printer
Epson Perfection V500 Photo Scanner c/w VueScan software
TM on 1TB LaCie USB-C
Re: Help!!!
ryck #24976 02/07/13 11:36 PM
Joined: Aug 2009
Likes: 15
OP Online

Joined: Aug 2009
Likes: 15
Sorry for taking so long to respond to you and the others who've contributed to this thread... I'll cover everybody in one post.

I still find it unintuitive that Apple's procedure for logging out of your account is not "fail-safe," i.e. leaving the page leaves you in the dark about where you actually stand, unless, of course, you've read Dermot Trellis's linked doc, but, on the other hand, the idea of having to search for a kBase doc to find out how to log out of your account is unintuitive in and of itself.

And as for quitting your browser, don't forget that (with Safari, anyhow) quitting does not automatically clear cache, which, I believe is a security loophole in and of itself.


The new Great Equalizer is the SEND button.

In Memory of Harv: Those who can make you believe absurdities can make you commit atrocities. ~Voltaire
Re: Help!!!
artie505 #25009 02/13/13 04:54 PM
Joined: Aug 2009
Offline

Joined: Aug 2009
it WOULD be interesting if there were some way to determine what "session cookies" / session data was being retained by the browser at the moment, destened to be thrown away when you quit your browser.

anything like that available or possible?


I work for the Department of Redundancy Department
Re: Help!!!
Virtual1 #25055 02/17/13 06:17 AM
Joined: Aug 2009
Likes: 15
OP Online

Joined: Aug 2009
Likes: 15
Originally Posted By: Virtual1
it WOULD be interesting if there were some way to determine what "session cookies" / session data was being retained by the browser at the moment, destened to be thrown away when you quit your browser.

anything like that available or possible?

I wonder if it was possible with Safari 4's detailing of your cookies (as opposed to Safari 5's merely telling you that you've got cookies and thumbing its nose at you)?

Safari 5 seems to me to be a sellout to the "trackers." frown


The new Great Equalizer is the SEND button.

In Memory of Harv: Those who can make you believe absurdities can make you commit atrocities. ~Voltaire

Moderated by  alternaut, cyn 

Link Copied to Clipboard
Powered by UBB.threads™ PHP Forum Software 7.7.4
(Release build 20200307)
Responsive Width:

PHP: 7.4.33 Page Time: 0.469s Queries: 44 (0.026s) Memory: 0.6496 MB (Peak: 0.7687 MB) Data Comp: Zlib Server Time: 2024-03-28 12:43:21 UTC
Valid HTML 5 and Valid CSS