Should I always log out of websites?

"Staying logged in does make it easier for someone to break in to your account, because they could sniff the cookie and then use it to pretend to be logged in themselves. Logging out would theoretically render that cookie useless.

However, if someone is in the position to be sniffing your packets, you're probably already screwed, as they could simply sniff the username and password itself as you log in. Well-designed sites won't have this problem because they'll use a hashing algorithm with a challenge and response, but you'd be surprised how few sites are designed this way.

So basically, yes logging out does technically keep yourself more secure, but it's at such a level where it doesn't really matter anyway.

If it's your own private computer that no one else can use, then just leave yourself logged in."

"If your banking website is bad and susceptible to XSS (Cross Site Scripting) and CSRF (Cross-site request forgery), I would log out as having an active session could mean that visiting the wrong website could empty your account!

That being said, a lot of modern browsers support XSS prevention techniques and if information is being sent such as the above example, it is possible for it to alert you (but a lot of people disable these filters).

Generally speaking, I do not log out of websites as I am the only one who uses my computer... and I hope that the sites I use are not susceptible to the above, however I am sure that best practice would be to log out, and use your browsers features to auto login / save passwords to save time to get back in.

In addition, if you ever visit public places / hotspots, I always go via VPN and/or if not and I really have to log in, I would go as far as changing my passwords when I get home... You just can't trust a computer that isn't yours."