Forums

The forums ran from 2008-2020 and are now closed and viewable here as an archive.

Home Forums Other Delete session in Tablet browsers – when browser closed

  • This topic is empty.
Viewing 8 posts - 1 through 8 (of 8 total)
  • Author
    Posts
  • March 12, 2013 at 6:00 pm #43340
    amyth91
    Participant

    Hi, i have a website, which contains a user area. on tablets the issue is, if a customer login fails for three times, login is disabled for that session, but on a desktop if you close the browser and try to login again, you get more 3 chance to login.

    but on a tablet once you fail to login three times, login is disabled for that session, but if you restart the browser, there is no change, and you still have the session retained.

    does anyone know a way around this ?
    thanks

    regards

    March 12, 2013 at 6:10 pm #127964
    CrocoDillon
    Participant

    Reboot the tablet?

    March 12, 2013 at 6:18 pm #127965
    Alen
    Participant

    Tablet is most likely saving your session. Open the browser, go to settings and clear cache and cookies. Then try again.

    March 14, 2013 at 5:24 pm #128255
    amyth91
    Participant

    oh my.

    That’s a lot for a user to do.

    any other way we can do it ? may be using native js or jquery, and can write a script to delete browser cookies when tab is closed or window is closed.

    March 14, 2013 at 7:09 pm #128270
    Alen
    Participant

    Your system has a security functionality built in, that you want to take away with JavaScript. So what is the point of having it in the first place?

    If you go to the source code that is providing this functionality, you could rewrite it to fit your situation little better. Maybe increase the number of attempts, etc…

    I was under the impression you are just trying to test something and needed to clear session of off tablet.

    March 14, 2013 at 7:16 pm #128271
    __
    Participant

    Typically, the whole point of “disabling login” is to prevent the user from trying again. By that measure, the tablet is actually doing a better job – you can’t circumvent the feature by closing and reopening the browser.

    Not that I agree that you should be blocking login attempts at all. It’s pointless in security terms, and annoying in regards to UX. It sounds like you don’t *want* your users to be blocked – so why not just “not block them” in the first place?

    There are better options after failed login attempts:

    (1) Show a “forgot password?” page.

    (2) Throttle (slow down) subsequent attempts (this helps guard against brute force attacks).

    (3) Send an email to the account owner to find out if it’s them, or an impostor.

    March 14, 2013 at 9:09 pm #128277
    TheDoc
    Member

    > Typically, the whole point of “disabling login” is to prevent the user from trying again. By that measure, the tablet is actually doing a better job – you can’t circumvent the feature by closing and reopening the browser.

    This.

    March 18, 2013 at 9:51 pm #128698
    amyth91
    Participant

    I did realize that blocking a user and then restarting the browser to allow login is senseless. so, all i did was end up increasing the number of login attempts.

    Thanks a lot all.

    :)

  • Author
    Posts
Viewing 8 posts - 1 through 8 (of 8 total)
  • The forum ‘Other’ is closed to new topics and replies.