Web security

Name: Anonymous 2019-07-31 6:16

Scenario:
User opens two tabs of content needing authentication
Both are redirected to the login screen
User logs on in one of them and is granted access
User reloads the second page
Should it redirect to the requested location, or should it prompt for login again?

Name: Anonymous 2019-07-31 7:46

Sometimes the choice is between security and convenience, in which case you should choose security and kill all active logged-in sessions, regardless of how many logged-in users are impacted, whenever a login page is loaded, no exceptions.

Name: Anonymous 2019-07-31 11:50

Kill the user as well while you are at it. You can never be too sure.

Name: Anonymous 2019-07-31 18:59

>>3
this

Name: Anonymous 2019-07-31 20:16

Log off

Name: Anonymous 2019-08-02 2:18

The right answer is JavaScript. When the user successfully logs into the first tab, other tabs can be notified immediately using the postMessage API [1].

Upon receiving the notification, the second tab then loads the requested location, without the user having to do anything.

    // first tab
    window.postMessage('login', 'https://mywebsite.com');

    // second tab
    window.addEventListener('message', (event) => {
      if (event.origin === 'https://mywebsite.com' && event.data === 'login') {
        // Load the location the user originally wanted. This time, we should be authorized.
        const return_to_path = new URL(window.location.href).searchParams.get('return_to');
        window.location.pathname = return_to_path;
      }
    });




Works Cited.

[1] https://developer.mozilla.org/en-US/docs/Web/API/Window/postMessage
[2] http://i.imgur.com/xBjhq9g.jpg
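
Added example, not part of the post above: the same cross-tab login notification using BroadcastChannel, which delivers to every same-origin tab, with the return_to parameter restricted to a same-origin path before navigating. The channel name 'auth', the '/' fallback and the announceLogin helper are assumptions; the server still has to check the session on the reloaded request.

```javascript
// Added example. Channel name, fallback path and helper names are assumptions.
const FALLBACK = '/';

// Turn the return_to parameter of `href` into a same-origin path.
// Anything missing, malformed or pointing off-origin yields the fallback.
function safeReturnPath(href, fallback = FALLBACK) {
  const page = new URL(href);
  const raw = page.searchParams.get('return_to');
  if (raw === null || raw === '') return fallback;
  // Must start with exactly one slash: rejects "https://...", "//host", "/\host".
  if (!/^\/(?![\/\\])/.test(raw)) return fallback;
  let target;
  try {
    target = new URL(raw, page.origin);
  } catch {
    return fallback;
  }
  // The URL parser strips tabs and newlines, so re-check the resolved origin.
  if (target.origin !== page.origin) return fallback;
  return target.pathname + target.search + target.hash;
}

// Browser-only wiring; skipped when run outside a page.
if (typeof window !== 'undefined' && typeof BroadcastChannel !== 'undefined') {
  const channel = new BroadcastChannel('auth');

  // Called by the tab whose login just succeeded.
  window.announceLogin = () => channel.postMessage({ type: 'login' });

  // Tabs still sitting on the login page reload the page they wanted.
  // BroadcastChannel only connects same-origin contexts, so the message
  // carries no secrets and is treated purely as a "try again" hint.
  channel.onmessage = (event) => {
    if (event.data && event.data.type === 'login') {
      window.location.assign(safeReturnPath(window.location.href));
    }
  };
}
```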

Name: Cudder !cXCudderUE 2019-08-02 12:08

>Should it redirect to the requested location, or should it prompt for login again?

It depends if the two tabs are isolated or sharing the same session.

If isolated, the second one would obviously still prompt to log in.

Otherwise, it depends on how the login page is designed.

Name: Anonymous 2019-08-02 13:11

>>7
There is no ``session'' in HTTP. Admit your role.

Name: Anonymous 2019-08-02 19:15

>The right answer is JavaScript.
JavaScript is never a right answer.

Name: Anonymous 2019-08-02 19:51

>>6
Cock parrot

Name: Anonymous 2019-08-02 20:35

>>6
After reading this I can conclude that it is not Sepples that is a mistake, but JavaScript.

Name: Permanent Record 2019-08-02 21:10

Name: Cudder !cXCudderUE 2019-08-03 1:07

>>8
There is in HTML, and "private browsing mode" is one way to open a new session.

Name: Anonymous 2019-08-08 8:37

You should be able to log in via GET parameters.

Name: Anonymous 2019-08-08 18:34

>>13
Firefox has containers.

Name: Anonymous 2019-08-09 3:04

Contain my anus

Name: Anonymous 2019-08-09 7:17

>>16
SCP foundation is aware of the threat.

Name: Anonymous 2019-08-09 8:07

I'm more of a proponent of the rsync Foundation.

Name: Anonymous 2019-09-26 4:22

Both are the same domain and share the same browser profile so you should already be authenticated in both tabs.

Name: Anonymous 2019-09-28 3:58

>>19
Authenticate my anus

Name: Joe Dubchecker 2019-09-28 13:39

Let's see some really clever, world-class Dubs here. Anyone got the right stuff?

Name: Anonymous 2019-09-28 13:44

I farted
