- This topic is empty.
-
AuthorPosts
-
March 12, 2013 at 6:00 pm #43340amyth91Participant
Hi, i have a website, which contains a user area. on tablets the issue is, if a customer login fails for three times, login is disabled for that session, but on a desktop if you close the browser and try to login again, you get more 3 chance to login.
but on a tablet once you fail to login three times, login is disabled for that session, but if you restart the browser, there is no change, and you still have the session retained.
does anyone know a way around this ?
thanksregards
March 12, 2013 at 6:10 pm #127964CrocoDillonParticipantReboot the tablet?
March 12, 2013 at 6:18 pm #127965AlenParticipantTablet is most likely saving your session. Open the browser, go to settings and clear cache and cookies. Then try again.
March 14, 2013 at 5:24 pm #128255amyth91Participantoh my.
That’s a lot for a user to do.
any other way we can do it ? may be using native js or jquery, and can write a script to delete browser cookies when tab is closed or window is closed.
March 14, 2013 at 7:09 pm #128270AlenParticipantYour system has a security functionality built in, that you want to take away with JavaScript. So what is the point of having it in the first place?
If you go to the source code that is providing this functionality, you could rewrite it to fit your situation little better. Maybe increase the number of attempts, etc…
I was under the impression you are just trying to test something and needed to clear session of off tablet.
March 14, 2013 at 7:16 pm #128271__ParticipantTypically, the whole point of “disabling login” is to prevent the user from trying again. By that measure, the tablet is actually doing a better job – you can’t circumvent the feature by closing and reopening the browser.
Not that I agree that you should be blocking login attempts at all. It’s pointless in security terms, and annoying in regards to UX. It sounds like you don’t *want* your users to be blocked – so why not just “not block them” in the first place?
There are better options after failed login attempts:
(1) Show a “forgot password?” page.
(2) Throttle (slow down) subsequent attempts (this helps guard against brute force attacks).
(3) Send an email to the account owner to find out if it’s them, or an impostor.
March 14, 2013 at 9:09 pm #128277TheDocMember> Typically, the whole point of “disabling login” is to prevent the user from trying again. By that measure, the tablet is actually doing a better job – you can’t circumvent the feature by closing and reopening the browser.
This.
March 18, 2013 at 9:51 pm #128698amyth91ParticipantI did realize that blocking a user and then restarting the browser to allow login is senseless. so, all i did was end up increasing the number of login attempts.
Thanks a lot all.
:)
-
AuthorPosts
- The forum ‘Other’ is closed to new topics and replies.