I'm using this webmailer to check my private email:
https://webmailer.hosteurope.de/login.php
using FireFox as browser on several different computer systems.
However I have the problem with one of my computers:
Firefox IS saving the login data (login+password) but the next time I'm accessing the webmailer page this data is not used.
That means on this system I have to type my username+password everytime I
want to check my mails which is quite annoying.
Of course I've already tried the usual hints (Google was my friend) but the problem IS NOT that data is not saved! The problem is that saved login data is not used!
Any hints what my cause this problem?
ps: The misbehaving system is new and was configured with a preinstalled :-\ Win10 - all other systems are Win7. But I cannot imagine that this might be causing this behavior!? Firefox was manually installed by me on all systems. So no special settings that I applied.
Try going to Preferences -> Security -> Saved Logins... and check whether the correct domain name is stored. It could be that you saved the login information after you input them wrong. Sometimes when you input wrong username/password you get redirected to a separate page that informs you that you input the wrong credentials. This page sometimes has a login form. If you save the credentials when you are on that page they may only be filled on that page and not the main login page. For example, if you input wrong credentials on somedomain.com and get redirected to somedomain.com/wrong_password and save the credentials there, Firefox might only fill the form on the later page.
If this fails, try refreshing Firefox. Be careful to backup important data first. Usually they are restored automatically, but sometimes it fails. Instructions here: https://support.mozilla.org/t5/Procedures-to-diagnose-and-fix/Refresh-Firefox-reset-add-ons-and-settings/ta-p/23405
If everything fails, you can report it to Firefox at https://bugzilla.mozilla.org/
Related
I have a app JSF2/Richfaces4 with login page and many internal pages
for the normal enterprise. I don't know why, but when the user click
to save the login/password in the browser, some internal pages (3
until today) sometimes are loaded with some field autocompleted using
the same value of the password. Then, the user must clear the local
password saving to solve the problem. What do I need to do to explain
for the browser that it haven't to fill automatically these fields.
Actually, the form and input tag have "autocomplete=off" attribute, which seems not be honored by all browsers (as usual).
Another way is that the user turns of the auto-completion in his browser, which you maybe cannot expect them to do.
Maybe theses link help you out.
https://gist.github.com/runspired/b9fdf1fa74fc9fb4554418dea35718fe
https://www.20spokes.com/blog/what-to-do-when-chrome-ignores-autocomplete-off-on-your-form
When I enter user id and password in netsuite every time it asks me my security questions , how can I stop this happening every time. Other people in my team are not having similar issue so I wonder what needs to be changed in my settings
*Note: I am not having administrator role
NetSuite saves a cookie in your browser in order to recognize your machine and browser the next time you log on. If it does not find this cookie it will ask a security question. There are several conditions under which this can occur:
You log on using a different machine.
You use the same machine, but a different browser.
You use 'private browsing' or 'incognito' mode.
You use a browser extension or other program which automatically deletes your browser cache, or cookies, when you exit.
You have your browser itself set to empty cache on exit. E.G.: Chrome has a setting to "Keep local data only until you quit your browser"
Anything else that might interfere with cookies.
You'll need to check which of these apply to you and act accordingly. If you're still unsure what could be causing it, you could reset your browser to defaults, or install a completely new browser and test whether it still happens with that. You may need to disable or uninstall any browser extensions too.
I am using the Twebbrowser in Delphi (2009) to log into cpanel on my ISP and add a new remote host IP address for a MySQL database. The user name and password are filled in by code as is clicking the submit button, using code gleaned from several places here.
Navigating directly to the hosts page causes the cpanel login page to be shown first. My program detects this and logs me in.
This uses a line like
WebBrowser1.Navigate'https://thedomain.sgcpanel.com:2083/cpsess1819495779/frontend/Crystal/sql/managehost.html');
which reaches the hosts page OK but I notice that the security token (cpsess1819495779) is changed to something else each time, presumably being supplied by the login page.
However if I try to login first as a separate operation and then navigate to the hosts page using
WebBrowser1.Navigate('https://thedomain.sgcpanel.com:2083');
followed by
WebBrowser1.Navigate'https://thedomain.sgcpanel.com:2083/cpsess1819495779/frontend/Crystal/sql/managehost.html');
I get a server message saying the url for the hosts page has an invalid security token - presumably the cpsess1819495779 bit
Question
How can I use Twebbrowser to get hold of the security token generated by the login page in order to use it to build the correct url for the hosts page so that I pass the correct security token each time.
It's probably something to do with cookies etc but I don't know how to deal with those (yet)
BTW as the Twebbrowser is not visible I did spend quite a few days trying to do the same thing using Indy's TIdHTTP but have given up with that as am getting too many errors I can't sort out.
I may as well answer this myself to close the question and maybe avoid any more down votes for posting a question after extensive research failed to produce the answer and that was framed without much of my code for brevity.
The API documentation for cpanel (the application used by many ISPs to manage MySQL, email etc) is here: https://documentation.cpanel.net/display/SDK/Guide+to+cPanel+API+2
part of that says
Security token After you log in to your server, it automatically appends a security token to the URL for your session. Security tokens
help prevent authorized use of a website through XSRF (Cross-Site
Request Forgery). Security tokens contain the string cpsess and a
10-digit number.
Logging in manually in IE / Chrome etc. does indeed show the token eg cpsess1819495779 inserted into the original url that was navigated to. So if I navigate to
https://thedomain.sgcpanel.com:2083/cpsess0000000000/frontend/Crystal/sql/managehost.html
(to logon to cpanel), the part of the url displayed in the browser after cpsess gets changed to something like this, where the number changes each time.
https://secureukm11.sgcpanel.com:2083/cpsess1819495779/frontend/Crystal/sql/managehost.html
However, using Twebbrowser to show that modified url using
memo1.Lines.Add(WebBrowser1.LocationURL);
or
ShowMessage('URL: ' + Webbrowser1.OleObject.Document.Url);
simply shows the original url with the zeros, not the real security token.
So the answer to my question seems to be it can't be done in Twebbrowser as the url is only changed at the server and and the security token is not transmitted back to the browser.
I have 2 Notes servers running from a load balancer. The database uses directory services to authenticate to LDAP.
I have java code that checks LDAP to check if user's password is expired. If the password is expired the code redirects to a password change screen. This code runs in the before page load event. Since all pages are NOT public access a Notes generated login occurs before anything takes place.
The password change screen first ties to authenticate the user in LDAP then changes the password. But if I immediately change my password after the initial Note login then I get an authentication error.
If I change the password back to the same thing then I get no authentication error then everything works fine.
So I suspected that the java code was running twice. The notes log should only running once. But when our LDAP team turned on logging, they could see that the password attribute was being changed twice (when I changed to the same password). So what was happening with the failure is that, the password was changed successfully but when the second time the code ran, it was using the "old" password and it was this error that was returned to the browser.
Now here is where it really gets strange. If I do a Notes authentication, then wait one full minute before password change, the code only runs once.
Or if I go to one of the servers, the code only runs once.
Code runs twice only if I go through the load balancer or if I try changing my password, immediately after logging in.
Any idea what on earth could be going on here?
Update: The issue seems to be coming from our reverse proxy server. The way our site is configured is Browser->Reverve Proxy->Load Balancer->(Notes Server 1, Notes Server 2).
If I go to the Load Balancer then the code only runs once.
While I might not be seeing logging in notes.nsf, I can see it running twice when I look direct at teh console.
Update: Reverse Proxy is running on Apache. Not sure the version.
My previous password change page was refreshing the whole page when I pressed submit. For some reason this was causing the page to be submitted twice. I changed things to a partial refresh and now all works well. Don'tknow why the refresh would not like the full refresh. But it works now. :)
I am working on a financial web application.
There is a client requirement that if user is logged in and already browsing the app. If he copies and pastes the browser url to another window. In another window, the user should get logged out.
I know http is stateless and there is no inbuilt browser mechanism (cookies etc) to solve it, this needs to be implemented by programming only. I guess people have already solved this problem. Do you know know possible solution to solve this issue?
Sadly, there is no solution.
The browser keeps the cookies and all of the user informations for all the Tabs & Windows you open. It will clear the datas (like cookies that ask to be removed after the session) as soon as you close ALL tabs and windows of your browser. Note that if the user use another browser, the behaviour your want will be respected — browsers dnn't (yet ?) share this kind of informations.
It is simply not possible to solve the problem with code, and you'll have to find work-around.
As a researcher, I've seen one of these solutions : de-auth the user on the HTTP_REFERER (Apache Env. Variable). As soon as the referer was not the application itself (except for the login form), the user was de-authed. But take care of it : the Referer is an info sent by the browser. And no information sent by the browser should be trusted :). The advice remains, if only you want to use Javascript. You'll find someone to use a JS-disabled-browser to bypass your verification.
That's why Application Development is not yet dead ;)
Cheers.
K.