Pushpendra Singh Chauhan Posted December 7, 2022

Hi, I want to clear the session whenever my browser is closed. I also want to clear cookies when I close my browser. Currently the cookie expiration shows this value: "expirationDate": 1678178602.244715, which means Mar 07 2023. Can I reduce this?

Another thing I want to know: I copied my own browser's cookies to another PC on a different browser and, surprisingly, I managed to open the logged-in account of my website with the existing sessions, even after the public IP changed! How can I prevent this? Please advise.

Randy Calvert Posted December 7, 2022

30 minutes ago, Pushpendra Singh Chauhan said: Another thing I want to know: I copied my own browser's cookies to another PC on a different browser and, surprisingly, I managed to open the logged-in account of my website with the existing sessions, even after the public IP changed! How can I prevent this?

You don’t change this. That’s exactly how cookies work. They’re not associated with IP addresses, etc. That’s how cookies in general work across the internet… not something unique to the software. (If cookies were tied to IP, you could never use mobile devices.)

Pushpendra Singh Chauhan (Author) Posted December 7, 2022

1 minute ago, Randy Calvert said: You don’t change this. That’s exactly how cookies work. They’re not associated with IP addresses, etc. That’s how cookies in general work across the internet… not something unique to the software.

What if someone steals my cookies? He can log in as me. Is there an alternate way so that no one can use my cookies for login? How can I clear cookies on browser close? Also, how can I clear the session whenever my browser is closed? Please suggest.

Randy Calvert Posted December 7, 2022

Cookies can’t be stolen unless someone has direct access to that device. If you don’t want to keep sessions when logging in, or if you’re using a shared device, you don’t check the “remember me” option when logging in.

Also, browsers support some sort of private browsing or “incognito” mode. When you use it, all cookies and temporary files associated with the session are deleted when the browser window is closed. This is a browser setting, not an IPB one.

https://www.computerworld.com/article/3356840/how-to-go-incognito-in-chrome-firefox-safari-and-edge.amp.html

Marc Posted December 7, 2022

This is something you really need to take care of with your browser. It's not something the software would do. To give you an analogy, it would be like contacting the car manufacturer to ask them to ensure they hide your keys every time you leave your car.

My Sharona Posted December 7, 2022

3 hours ago, Pushpendra Singh Chauhan said: What if someone steals my cookies? He can log in as me. Is there an alternate way so that no one can use my cookies for login? How can I clear cookies on browser close? Also, how can I clear the session whenever my browser is closed? Please suggest.

What browser?

Pushpendra Singh Chauhan (Author) Posted December 7, 2022

9 minutes ago, My Sharona said: What browser?

Any browser. Let's say if I copy the cookies from Chrome and use these on another desktop in Chrome/Firefox, I will be able to log in without password duel facto authentication.

3 hours ago, Marc Stridgen said: This is something you really need to take care of with your browser. It's not something the software would do. To give you an analogy, it would be like contacting the car manufacturer to ask them to ensure they hide your keys every time you leave your car.

Yes. But it is suspicious that I can use the cookie to log in from a different desktop. Is there a way that, if I close my browser, the session will be cleared and I have to log in again?

Gary Posted December 7, 2022

Hi @Pushpendra Singh Chauhan,

I am using Microsoft Edge and there is an option to choose what to clear every time I close my browser. These include cookies and other site data, autofill form data, etc.

Only you or your browser can delete cookies from your system, not Invision Community. If you would like to take an additional step to be more careful, then definitely do what @Randy Calvert has suggested and untick the 'Remember me' field.

Marc Posted December 7, 2022

8 minutes ago, Pushpendra Singh Chauhan said: Yes. But it is suspicious that I can use the cookie to log in from a different desktop. Is there a way that, if I close my browser, the session will be cleared and I have to log in again?

Only to not tick the remember me box. Other than that, it's something your browser would control, as previously mentioned.

My Sharona Posted December 7, 2022

2 hours ago, Pushpendra Singh Chauhan said: Any browser. Let's say if I copy the cookies from Chrome and use these on another desktop in Chrome/Firefox, I will be able to log in without password duel facto authentication.

All browsers have different ways in which you are able to control certain aspects, which is why I asked. For example, if you are using Chrome, here is how you set it so that cookies are removed when closing the browser. This will clear cookies from all sites.

1. On your computer, open Google Chrome.
2. At the top right, click More, then Settings.
3. Click Privacy and security, then Cookies and other site data.
4. Turn on Clear cookies and site data when you close all windows.

If you're synced to Chrome, sync will pause when you quit your Chrome browsing session.

A simple Google search will explain how to do so on other browsers.

Edited December 7, 2022 by My Sharona

Pushpendra Singh Chauhan (Author) Posted December 10, 2022

On 12/7/2022 at 6:33 PM, Marc Stridgen said: Only to not tick the remember me box. Other than that, it's something your browser would control, as previously mentioned.

So IPS can't close my session if I close my browser. Could anyone suggest whether this is possible through server settings (I am using Apache CentOS)? Is there a way to close the session if I am inactive for some time or I close the browser, something like banking websites?

Jim M Posted December 10, 2022

2 hours ago, Pushpendra Singh Chauhan said: So IPS can't close my session if I close my browser. Could anyone suggest whether this is possible through server settings (I am using Apache CentOS)? Is there a way to close the session if I am inactive for some time or I close the browser, something like banking websites?

A session would only be active for the duration of your browser session (aka when you close your browser OR ~25 min pass with no action to the server). That is what will happen if you don’t click the “remember me” checkbox on login.
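
A generic sketch of the behaviour discussed in this thread, added here as an example; it is not Invision Community's code, and the SessionStore class, the session_id cookie name and the 90-day "remember me" lifetime are assumptions. A login without "remember me" gets a session cookie with no expiration date plus a server-side idle timeout, a "remember me" login gets a persistent cookie, and in both cases the server stops accepting the token once it expires or the user logs out.

```python
import secrets
from http.cookies import SimpleCookie

IDLE_TIMEOUT = 25 * 60                 # seconds; the ~25 min idle window from the thread
REMEMBER_LIFETIME = 90 * 24 * 60 * 60  # assumed lifetime of a "remember me" login


class SessionStore:
    """Hypothetical server-side session table keyed by a random token."""

    def __init__(self):
        self._sessions = {}

    def login(self, user, remember_me, now):
        """Create a session; return (token, Set-Cookie header value)."""
        token = secrets.token_urlsafe(32)
        limit = REMEMBER_LIFETIME if remember_me else IDLE_TIMEOUT
        self._sessions[token] = {"user": user, "last_seen": now, "limit": limit}
        cookie = SimpleCookie()
        cookie["session_id"] = token
        morsel = cookie["session_id"]
        morsel["path"] = "/"
        morsel["secure"] = True      # only sent over HTTPS
        morsel["httponly"] = True    # not readable from page JavaScript
        morsel["samesite"] = "Lax"
        if remember_me:
            # Persistent cookie: the browser stores an expiration date.
            morsel["max-age"] = REMEMBER_LIFETIME
        # Without Max-Age/Expires it is a session cookie, dropped on browser close.
        return token, morsel.OutputString()

    def validate(self, token, now):
        """Return the user for a live session, else None."""
        session = self._sessions.get(token)
        if session is None:
            return None
        if now - session["last_seen"] > session["limit"]:
            # Expired server-side: a copy of the cookie is rejected too.
            del self._sessions[token]
            return None
        session["last_seen"] = now   # sliding window: activity extends the session
        return session["user"]

    def logout(self, token):
        """Invalidate the session on the server, whatever copies of the cookie exist."""
        self._sessions.pop(token, None)
```

The `now` argument is a timestamp in seconds passed in by the caller, which keeps the expiry logic easy to exercise without waiting for real time to pass.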

Pushpendra Singh Chauhan (Author) Posted December 15, 2022

On 12/11/2022 at 4:09 AM, Jim M said: A session would only be active for the duration of your browser session (aka when you close your browser OR ~25 min pass with no action to the server)

This happened only in Admin Panel (in both normal and incognito mode). I want the exact functionality for front-end logins. Is this possible?

Marc Posted December 15, 2022

It isn't. As has been mentioned a few times above, it's something you would deal with browser side.