General discussion

Locked

Web Browser Connection Not Dropped

By yuemo ·
Currently, we have some wired problem: after users finish accessing a SSL+basic authentication web site, once a while, after the user close the browser, relaunch the browser again, the user can access the previously browsed information without any authentication.

The problem is not consistent. The wired part is that even all the internet temp files are deleted, the user could still get the preiously broswed information without any authentication. The only cure is to reboot the computer.

So the problem seems the memory cache of the computer(?).

We have some users sharing computer to access their own personal data via web, this issue bugs us too much. Please help!

Thanks!

-Yuemo

This conversation is currently closed to new comments.

9 total posts (Page 1 of 1)  
| Thread display: Collapse - | Expand +

All Comments

Collapse -

Web Browser Connection Not Dropped

by TimTheToolMan In reply to Web Browser Connection No ...

Hi,

It could be that the security information is held in a cookie on the PC. The cookie will have a timeout value of maybe 30mins and so the access will be valid for that time...

Usually these sites will have a logout function which should clean up the cookie. Tell them to use that rather than simply closing the browser.

Cheers,
Tim.

Collapse -

Web Browser Connection Not Dropped

by yuemo In reply to Web Browser Connection No ...

Hi, we don't use cookies. I suspect the IE is corrupted somehow, and will let them to reinstall IE.

Thanks for your help!

Collapse -

Web Browser Connection Not Dropped

by isys In reply to Web Browser Connection No ...

Under IE, select Tools, Internet Options, Advanced tab, scroll to the bottom of the page under Security, make sure the box next to Do Not Save Encrypted Pages to Disk and Empty Temporary Internet Files folder when browser is closed are selected.

Collapse -

Web Browser Connection Not Dropped

by yuemo In reply to Web Browser Connection No ...

Hi, the only cure is rebooting computer. The issue seem in the memory, that is, the browser process is not properly terminated. Temporary file is not an issue here, because automatically or manaually cleaning does not help.

Thanks for your help!

Collapse -

Web Browser Connection Not Dropped

by jluster In reply to Web Browser Connection No ...

This seems to be a known problem when Active Desktop is enabled. The AD is a browser window itself and as such keeps tabs (state) for you. Try disabling the AD.

Collapse -

Web Browser Connection Not Dropped

by yuemo In reply to Web Browser Connection No ...

It behavors the same no matter AD is enabled or disabled.

Collapse -

Web Browser Connection Not Dropped

by TimTheToolMan In reply to Web Browser Connection No ...

Hi,

When you say you dont use cookies (as per my last suggestion...) does that mean that you have specifically turned them off in the browsers?

You dont "use cookies" yourself. The browsers do that all by themselves to keep state - such as a successful authentication.

Cookies come in two forms. Permanent, on disk cookies that you'll see in the "temporary internet files" folder...

And In memory cookies. These are the ones likely to be "kept" in your case. As another poster said - if you have Active Desktop enabled, then its very likely.

The other thing for you to look at is the URL itself. Does it have the authentication string? For example mine does right now...

http://www.techrepublic.com/forumqa/post_reply.jhtml;jsessionid=OXGCB2BTLLEOWQDQY5QCFFA?thread_id=82799&message_id=502631

Because Techrepublic keeps authorisation state in the URL - timeouts can occur at the server end, so unless you actually logout, the above URL will work for 30mins or so.

By the way,I slightly changed the jsessionid above for my own safety...

Hope this info helps you.
Cheers,
Tim.

Collapse -

Web Browser Connection Not Dropped

by yuemo In reply to Web Browser Connection No ...

The problem is still unresolved.

Collapse -

Web Browser Connection Not Dropped

by yuemo In reply to Web Browser Connection No ...

This question was closed by the author

Back to Security Forum
9 total posts (Page 1 of 1)  

Security Forums