Iprism is working gret
True if a user does not log out someone else may come along before the timeout and use the internet on your machine but only if you are using the web http(s)authentication. If you use the basic proxy authentication then users must authenticate eachtime they open the web browser. We have been running one for the past few weeks with our citrix metaframe users and are thus far pleased with the results.
Keep Up with TechRepublic