For a system that I’m working on that I plan to, at some point, release as open source product, I am going to implement a system so that, to get the specific pages, you need to enter your password even if you are logged in. If you do, you will remain “super-authed” untill you close the browser. This would prevent, ie, my little sister to use my laptop, go to my website and have full power because I’m still logged in. But as I was working on it, a question arose: How good is this, taking into account that most people will just end up storing the password in their browser. Obviously, there are ways around that. (Using a random name for the password field each time is probally enough.) But, by doing that, I will be breaking browser functionalities. Do I really want to do that?