Delete session in Tablet browsers – when browser closed
# March 12, 2013 at 6:00 pm
Hi, i have a website, which contains a user area. on tablets the issue is, if a customer login fails for three times, login is disabled for that session, but on a desktop if you close the browser and try to login again, you get more 3 chance to login.
but on a tablet once you fail to login three times, login is disabled for that session, but if you restart the browser, there is no change, and you still have the session retained.
does anyone know a way around this ?
regards# March 14, 2013 at 7:09 pm
If you go to the source code that is providing this functionality, you could rewrite it to fit your situation little better. Maybe increase the number of attempts, etc…
I was under the impression you are just trying to test something and needed to clear session of off tablet.# March 14, 2013 at 7:16 pm
Typically, the whole point of “disabling login” is to prevent the user from trying again. By that measure, the tablet is actually doing a better job – you can’t circumvent the feature by closing and reopening the browser.
Not that I agree that you should be blocking login attempts at all. It’s pointless in security terms, and annoying in regards to UX. It sounds like you don’t *want* your users to be blocked – so why not just “not block them” in the first place?
There are better options after failed login attempts:
(1) Show a “forgot password?” page.
(2) Throttle (slow down) subsequent attempts (this helps guard against brute force attacks).
(3) Send an email to the account owner to find out if it’s them, or an impostor.
You must be logged in to reply to this topic.