Pushpendra Singh Chauhan Posted December 7, 2022 Share Posted December 7, 2022 Hi, I want to clear the session whenever my browser closed. Also I want to clear cookies if I close my browser. Currently expiration cookies showing this value- "expirationDate": 1678178602.244715, that means Mar 07 2023. Can i reduce this? Another thing i want to know that, if I copied my own browser's cookies to another pc on a different browser and surprisingly I managed to open logged in account of my website with existing sessions even after Public IP changed!! How to prevent this. Please advise. Link to comment Share on other sites More sharing options...
Randy Calvert Posted December 7, 2022 Share Posted December 7, 2022 30 minutes ago, Pushpendra Singh Chauhan said: Another thing i want to know that, if I copied my own browser's cookies to another pc on a different browser and surprisingly I managed to open logged in account of my website with existing sessions even after Public IP changed!! How to prevent this. You don’t change this. That’s exactly how cookies work. They’re not associated with IP addresses, etc. That’s how cookies in general work across the internet… not something unique to the software. (If cookies were tied to IP, you could never use mobile devices.) Link to comment Share on other sites More sharing options...
Pushpendra Singh Chauhan Posted December 7, 2022 Author Share Posted December 7, 2022 1 minute ago, Randy Calvert said: You don’t change this. That’s exactly how cookies work. They’re not associated with IP addresses, etc. That’s how cookies in general work across the internet… not something unique to the software. What if someone steal my cookies, he can logged in as me. Is there an alternate way so that no one can use my cookies for login. How can I clear cookies on browser close? Also, how can I clear the session whenever my browser closed. Please suggest Link to comment Share on other sites More sharing options...
Randy Calvert Posted December 7, 2022 Share Posted December 7, 2022 Cookies can’t be stolen unless someone has direct access to that device. if you don’t want to keep sessions when logging in or if you’re using a shared device, you don’t check the “remember me” option when logging in. Also browsers support some sort of private browsing or “incognito“ mode. When you use it, all cookies and temporary files associated with the session are deleted when the browser window is closed. This is a browser setting, not an IPB one. https://www.computerworld.com/article/3356840/how-to-go-incognito-in-chrome-firefox-safari-and-edge.amp.html Link to comment Share on other sites More sharing options...
Marc Stridgen Posted December 7, 2022 Share Posted December 7, 2022 This is something you really need to take care of with your browser. Its not something the software would do. To give you an analogy, it would be like contacting the car manufacturer to ask them to ensure they hide your keys every time you leave your car. Link to comment Share on other sites More sharing options...
My Sharona Posted December 7, 2022 Share Posted December 7, 2022 3 hours ago, Pushpendra Singh Chauhan said: What if someone steal my cookies, he can logged in as me. Is there an alternate way so that no one can use my cookies for login. How can I clear cookies on browser close? Also, how can I clear the session whenever my browser closed. Please suggest What browser? Link to comment Share on other sites More sharing options...
Pushpendra Singh Chauhan Posted December 7, 2022 Author Share Posted December 7, 2022 9 minutes ago, My Sharona said: What browser? Any browser, Lets say If I copy the cookies from chrome and use these on another desktop in chrome/firefox i will be able to logged in without password duel facto authentication. 3 hours ago, Marc Stridgen said: This is something you really need to take care of with your browser. Its not something the software would do. To give you an analogy, it would be like contacting the car manufacturer to ask them to ensure they hide your keys every time you leave your car. Yes. But this is suspicious if that I can use the cookie to login of different desktop. Is there a way if I close my browser the session will be clear and I've to login again? Link to comment Share on other sites More sharing options...
Gary Posted December 7, 2022 Share Posted December 7, 2022 Hi @Pushpendra Singh Chauhan, I am using Microsoft Edge and there is an option to choose what to clear every time I close my browser. These include cookies and other site data, autofill form data, etc. Only you or your browser can delete cookies from your system, not Invision Community. If you would like to take an additional step to be more careful, then definitely do what @Randy Calvert has suggested and untick the 'Remember me' field. Link to comment Share on other sites More sharing options...
Marc Stridgen Posted December 7, 2022 Share Posted December 7, 2022 8 minutes ago, Pushpendra Singh Chauhan said: Yes. But this is suspicious if that I can use the cookie to login of different desktop. Is there a way if I close my browser the session will be clear and I've to login again? Only to not tick the remember me box. Other than that, its something your browser would control, as previously mentioned Link to comment Share on other sites More sharing options...
My Sharona Posted December 7, 2022 Share Posted December 7, 2022 (edited) 2 hours ago, Pushpendra Singh Chauhan said: Any browser, Lets say If I copy the cookies from chrome and use these on another desktop in chrome/firefox i will be able to logged in without password duel facto authentication. All browsers have different ways in which you are able to control certain aspects, which is why I asked. For example, if you are using Chrome, here is how you set it so that cookies are removed when closing the browser. This will clear cookies from all sites. On your computer, open Google Chrome. At the top right, click More. Settings. Click Privacy and security. Cookies and other site data. Turn on Clear cookies and site data when you close all windows. If you're synced to Chrome, sync will pause when you quit your Chrome browsing session. A simple google search will explain how to do so on other browsers. Edited December 7, 2022 by My Sharona Link to comment Share on other sites More sharing options...
Pushpendra Singh Chauhan Posted December 10, 2022 Author Share Posted December 10, 2022 On 12/7/2022 at 6:33 PM, Marc Stridgen said: Only to not tick the remember me box. Other than that, its something your browser would control, as previously mentioned So IPS can't close my session if i close my browser. Could anyone suggest if is this possible through server settings ( i am using Apache CentOS) Is there a way to close the session if I am inactive for some some time or I close the browser something like banking websites Link to comment Share on other sites More sharing options...
Jim M Posted December 10, 2022 Share Posted December 10, 2022 2 hours ago, Pushpendra Singh Chauhan said: So IPS can't close my session if i close my browser. Could anyone suggest if is this possible through server settings ( i am using Apache CentOS) Is there a way to close the session if I am inactive for some some time or I close the browser something like banking websites A session would only be active for the duration of your browser session (aka when you close your browser OR ~25 min pass with no action to the server). That is what will happen if you don’t click the “ remember me” checkbox on login. Link to comment Share on other sites More sharing options...
Pushpendra Singh Chauhan Posted December 15, 2022 Author Share Posted December 15, 2022 On 12/11/2022 at 4:09 AM, Jim M said: A session would only be active for the duration of your browser session (aka when you close your browser OR ~25 min pass with no action to the server) This happened only in Admin Panel (in both normal and incognito mode). I want the exact functionality for front-end logins. Is this possible? Link to comment Share on other sites More sharing options...
Marc Stridgen Posted December 15, 2022 Share Posted December 15, 2022 It isnt. As has been mentioned a few times above, its something you would deal with browser side Link to comment Share on other sites More sharing options...
Recommended Posts