Comment Re:So, to clarify... (Score 1) 122
It depends on the website. Many websites do have the behavior you describe. But some will just delete your session cookie from your browser (without deleting it from the server) which would let the attacker keep using it.