Hi, i have a website, which contains a user area. on tablets the issue is, if a customer login fails for three times, login is disabled for that session, but on a desktop if you close the browser and try to login again, you get more 3 chance to login.
but on a tablet once you fail to login three times, login is disabled for that session, but if you restart the browser, there is no change, and you still have the session retained.
any other way we can do it ? may be using native js or jquery, and can write a script to delete browser cookies when tab is closed or window is closed.
Your system has a security functionality built in, that you want to take away with JavaScript. So what is the point of having it in the first place?
If you go to the source code that is providing this functionality, you could rewrite it to fit your situation little better. Maybe increase the number of attempts, etc...
I was under the impression you are just trying to test something and needed to clear session of off tablet.
Typically, the whole point of "disabling login" is to prevent the user from trying again. By that measure, the tablet is actually doing a better job - you can't circumvent the feature by closing and reopening the browser.
Not that I agree that you should be blocking login attempts at all. It's pointless in security terms, and annoying in regards to UX. It sounds like you don't want your users to be blocked - so why not just "not block them" in the first place?
There are better options after failed login attempts:
(1) Show a "forgot password?" page.
(2) Throttle (slow down) subsequent attempts (this helps guard against brute force attacks).
(3) Send an email to the account owner to find out if it's them, or an impostor.
Typically, the whole point of "disabling login" is to prevent the user from trying again. By that measure, the tablet is actually doing a better job - you can't circumvent the feature by closing and reopening the browser.
I did realize that blocking a user and then restarting the browser to allow login is senseless. so, all i did was end up increasing the number of login attempts.
Hi, i have a website, which contains a user area. on tablets the issue is, if a customer login fails for three times, login is disabled for that session, but on a desktop if you close the browser and try to login again, you get more 3 chance to login.
but on a tablet once you fail to login three times, login is disabled for that session, but if you restart the browser, there is no change, and you still have the session retained.
does anyone know a way around this ? thanks
regards
Reboot the tablet?
Tablet is most likely saving your session. Open the browser, go to settings and clear cache and cookies. Then try again.
oh my.
That's a lot for a user to do.
any other way we can do it ? may be using native js or jquery, and can write a script to delete browser cookies when tab is closed or window is closed.
Your system has a security functionality built in, that you want to take away with JavaScript. So what is the point of having it in the first place?
If you go to the source code that is providing this functionality, you could rewrite it to fit your situation little better. Maybe increase the number of attempts, etc...
I was under the impression you are just trying to test something and needed to clear session of off tablet.
Typically, the whole point of "disabling login" is to prevent the user from trying again. By that measure, the tablet is actually doing a better job - you can't circumvent the feature by closing and reopening the browser.
Not that I agree that you should be blocking login attempts at all. It's pointless in security terms, and annoying in regards to UX. It sounds like you don't want your users to be blocked - so why not just "not block them" in the first place?
There are better options after failed login attempts:
(1) Show a "forgot password?" page.
(2) Throttle (slow down) subsequent attempts (this helps guard against brute force attacks).
(3) Send an email to the account owner to find out if it's them, or an impostor.
This.
I did realize that blocking a user and then restarting the browser to allow login is senseless. so, all i did was end up increasing the number of login attempts.
Thanks a lot all.
:)