
Retained password access on browser page close


Z2Dave


I have a problem with retained passwords for a CC3 application to be run by a charity.

If you are browsing with FFX or IE6/7 or similar, once you have closed the page that was displaying admin you should of course have logged out. But if you haven't then anyone on the same browser/computer can, it seems, go back into admin without logging on. The system therefore is not fail safe and the 'committee' of this charity are demanding an automatic logout once the browser page is shut.

I don't know whether I have explained it properly; however, has anyone any ideas, or am I doing something wrong?

Cheers


There is a logout link at the top of the admin page. They should click that before they close the window. The cookie will expire - not sure how long it does - but if they are concerned about it, just click on logout. Not sure if there is a way to automate it.


I agree with the link but what they are saying is that it is not a secure audit trail if someone forgets to log out. I think they are being over paranoid but they do have a point, and it's public money they are dealing with.


Guest fandango

Hi Z2Dave,

This may help:

In the General Settings in the admin panel there is a session length setting in seconds (Max Session Length:). You could alter that to, say, 1800; that would give a half-hour session before being required to log in again, so if someone does forget to log out then it's only the remainder of the 30 mins that the admin panel is live.

An alternative is to ensure that their browsers are set to clear recent history, clear cookies, etc. on close.

Hope it helps.

Fandango
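
The two controls discussed in this thread, shown as an added example that is not part of any post and not CubeCart's own code: a server-side session length limit of 1800 seconds, and an admin cookie issued without Expires or Max-Age so the browser treats it as a session cookie. The class, cookie name and path are assumptions, and the limit is assumed to run from login, as the post describes.

```python
import secrets

MAX_SESSION_LENGTH = 1800  # seconds; the value suggested in the post above


class AdminSessions:
    """Server-side session table (hypothetical, constructed for this example)."""

    def __init__(self, max_len=MAX_SESSION_LENGTH):
        self.max_len = max_len
        self._started = {}  # session id -> login time in epoch seconds

    def login(self, now):
        sid = secrets.token_urlsafe(32)
        self._started[sid] = now
        return sid

    def set_cookie_header(self, sid):
        # No Expires/Max-Age attribute: the browser keeps this only for the
        # browsing session. Browsers set to restore the previous session can
        # still retain it, so the server-side limit below is the real control.
        return (f"Set-Cookie: admin_sid={sid}; Path=/admin; "
                "HttpOnly; Secure; SameSite=Strict")

    def remaining(self, sid, now):
        """Seconds the admin panel stays reachable with this cookie (0 = dead)."""
        started = self._started.get(sid)
        if started is None:
            return 0
        left = self.max_len - (now - started)
        if left <= 0:
            # Expire on the server so a retained cookie is useless afterwards.
            del self._started[sid]
            return 0
        return left

    def is_valid(self, sid, now):
        return self.remaining(sid, now) > 0

    def logout(self, sid):
        # The explicit logout link: invalidates the session immediately.
        self._started.pop(sid, None)
```
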


Cheers on that. Sounds like an answer they will have to accept.

Dave
