When I enter user id and password in netsuite every time it asks me my security questions , how can I stop this happening every time. Other people in my team are not having similar issue so I wonder what needs to be changed in my settings
*Note: I am not having administrator role
NetSuite saves a cookie in your browser in order to recognize your machine and browser the next time you log on. If it does not find this cookie it will ask a security question. There are several conditions under which this can occur:
You log on using a different machine.
You use the same machine, but a different browser.
You use 'private browsing' or 'incognito' mode.
You use a browser extension or other program which automatically deletes your browser cache, or cookies, when you exit.
You have your browser itself set to empty cache on exit. E.G.: Chrome has a setting to "Keep local data only until you quit your browser"
Anything else that might interfere with cookies.
You'll need to check which of these apply to you and act accordingly. If you're still unsure what could be causing it, you could reset your browser to defaults, or install a completely new browser and test whether it still happens with that. You may need to disable or uninstall any browser extensions too.
Related
I am building an extension which every time the browser opens asks user for a strong password. Its purpose is that it uses that password to derive and generate strong passwords for new websites upon registration and it tries to regenerate same passwords next time a user visits an already visited website.
I am using below method to store user's masterpassword(used for password generation) which is sensitive information:
window.sessionStorage.setItem(varName)
And I use below method to get it whenever it is needed.
sessionStorage.getItem(varName)
My problem is that I want this data which is stored in browsers data to be valid as long as Chrome open. This master password needs to be cleared every time user closes the browser and to be asked every time it gets reopened.
I read that session storage is temporary and it gets cleared but it does not work for my extension. I also know that there is nothing to add in order to detect browser getting closed as it stops running your script.
Can you please help me with it? Is there such method that keeps data for a short time?
Since Manifest V3 removed the notion of persistent background pages. You can imitate this with chrome.storage.local. The only caveat regarding this is that it stores the variable in the extensions local storage which is still okay for that user.
One way to imitate a browser closing is by creating a chrome.runtime.port that is opened and then when the browser closes or the extension gets reloaded it will call onDisconnect for that port, and you can clear your chrome.storage.local.clear():
chrome.runtime.onConnect.addListener(port => port.onDisconnect.addListener(() => chrome.storage.local.clear()))
When the browser is launched, just connect:
chrome.runtime.connect(null, {})
That might unload itself when background script goes back to sleep, unfortunately, the only way to get passed that is to keep your own managed extension window that pops up. But that might be overkill for user experience.
I'm using this webmailer to check my private email:
https://webmailer.hosteurope.de/login.php
using FireFox as browser on several different computer systems.
However I have the problem with one of my computers:
Firefox IS saving the login data (login+password) but the next time I'm accessing the webmailer page this data is not used.
That means on this system I have to type my username+password everytime I
want to check my mails which is quite annoying.
Of course I've already tried the usual hints (Google was my friend) but the problem IS NOT that data is not saved! The problem is that saved login data is not used!
Any hints what my cause this problem?
ps: The misbehaving system is new and was configured with a preinstalled :-\ Win10 - all other systems are Win7. But I cannot imagine that this might be causing this behavior!? Firefox was manually installed by me on all systems. So no special settings that I applied.
Try going to Preferences -> Security -> Saved Logins... and check whether the correct domain name is stored. It could be that you saved the login information after you input them wrong. Sometimes when you input wrong username/password you get redirected to a separate page that informs you that you input the wrong credentials. This page sometimes has a login form. If you save the credentials when you are on that page they may only be filled on that page and not the main login page. For example, if you input wrong credentials on somedomain.com and get redirected to somedomain.com/wrong_password and save the credentials there, Firefox might only fill the form on the later page.
If this fails, try refreshing Firefox. Be careful to backup important data first. Usually they are restored automatically, but sometimes it fails. Instructions here: https://support.mozilla.org/t5/Procedures-to-diagnose-and-fix/Refresh-Firefox-reset-add-ons-and-settings/ta-p/23405
If everything fails, you can report it to Firefox at https://bugzilla.mozilla.org/
Question 1
My secure web application sets a session cookie for authenticated users which is not cleared even after I close my Chrome browser.
As a result, when a user tries to hit the dashboard page of my application after re-launching the browser (even restarting machine!), they are not asked to login again. Chrome is NOT set to "continue where I left off" which is also my next question.
I tested my bank's site under the same settings and it seems to force log out the user even when Network tab shows that same cookies are being retained (and sent with initial request header) for bank site as well. My server is Apache over SSL.
Can someone please point to some resource where I can handle this scenario because Chrome clearly is not clearing session cookie at the time of browser closing.
Question 2
Now with the setting "continue where I left off" where it basically persists your sessional cookies and practically you can remain authenticated forever, is there a way to override/work around this Chrome feature.
When I see even my supposedly secure bank site letting a browser bypass security like that, it kind of makes me unnerved. Any suggestions there?
Cheers!
What ended up fixing this issue for me was to uncheck the:
Continue running background apps when Google Chrome is closed
setting under the SYSTEM section.
Hope this helps save some headaches....
I am building a webapp in Laravel 4.1, and I wish to force logout on browser / tab close.
A bit like your typical bank does... You log into your online banking, close the window, then go back to the site, you need to log back in again.
I have set the following in my app/config/sessions.php
'driver' => 'file',
'lifetime' => 0,
'expire_on_close' => true,
Safari and Firefox appear to work properly, however Chrome seems to keep the session cache as valid meaning that the user is logged in when they browse to my site.
Is there any way I can force Chrome to not keep the user logged into my site? Maybe there is something I can do in htaccess or similar?
As far as I can tell, Chrome does not have a specific issue when it comes to session cookies. I just tested my own app on Firefox, Safari and Chrome and the behaviour was the same for all three.
I would recommend opening up the Developer Tools in Chrome, clicking on the "Resources" menu and checking the cookies for your site. If things are working correctly, the cookie for your site should be listed with a value of "Session" in the "Expires / Max-Age" column. If not, then your app may not be setting the cookie correctly. Or you may have an old cookie hanging around, so just delete the cookie and try again.
BTW - Laravel 4.1 overrides PHP's native session handling and does everything itself, INCLUDING garbage collection. And it gets its session lifetime value from the 'lifetime' value above. So if you stick with your current settings, you are going to end up with ALL of your logged in users being logged out every time garbage collection runs (which, by default, will be 2 in 100 requests). You should change 'lifetime' to some value like 1440. I wrote a lengthy article on this problem just today in fact:
http://yetanotherprogrammingblog.com/content/laravel-40-41-session-configuration-problem-solved
I am working on a financial web application.
There is a client requirement that if user is logged in and already browsing the app. If he copies and pastes the browser url to another window. In another window, the user should get logged out.
I know http is stateless and there is no inbuilt browser mechanism (cookies etc) to solve it, this needs to be implemented by programming only. I guess people have already solved this problem. Do you know know possible solution to solve this issue?
Sadly, there is no solution.
The browser keeps the cookies and all of the user informations for all the Tabs & Windows you open. It will clear the datas (like cookies that ask to be removed after the session) as soon as you close ALL tabs and windows of your browser. Note that if the user use another browser, the behaviour your want will be respected — browsers dnn't (yet ?) share this kind of informations.
It is simply not possible to solve the problem with code, and you'll have to find work-around.
As a researcher, I've seen one of these solutions : de-auth the user on the HTTP_REFERER (Apache Env. Variable). As soon as the referer was not the application itself (except for the login form), the user was de-authed. But take care of it : the Referer is an info sent by the browser. And no information sent by the browser should be trusted :). The advice remains, if only you want to use Javascript. You'll find someone to use a JS-disabled-browser to bypass your verification.
That's why Application Development is not yet dead ;)
Cheers.
K.