rejetto forum

Server-sided password management


alfablac

TBH, I couldn't find a better place to ask and a better title for the topic,
but I accessed one of the password-protected folders of my server with incognito mode on a fixed IP connection.
Some days later I accessed the same folder again using the same incognito mode (after closing it) and the same IP.
And it didn't ask for login.
Are passwords handled by IP (since it didn't ask besides I didn't store cookies)
or by HFS session (because of previous login and I didn't close HFS)?

Thanks in advance.


bmartino1

The login is within the HFS cookie and the session ID. Sounds like a cookie problem, although I have used Chrome (incognito mode) with protected login credentials and have never experienced your issue.

Are you using an add-on in Chrome that does stuff to the cookies?

This sounds like something rejetto would need to take a look at. I can't confirm, but I don't doubt that it has not happened...
There are some fixes to the cookies on the forum; try adding the session to the different template to the house / HFS default template

http://www.rejetto.com/forum/html-templates/troubleshooting-hfs-cookie-issues-on-rename-in-the-default-template/

This is assuming that the error is in the browser and is not making the cookie...
Files I have snagged and share can be found on my google drive:

https://drive.google.com/drive/folders/1qb4INX2pzsjmMT06YEIQk9Nv5jMu33tC?usp=sharing


LeoNeeson

::) I really doubt the so-called 'incognito' mode of Chrome works 100% flawlessly (talking about privacy) as they advertise (that's why I always prefer Firefox to Chrome). Chrome must be saving the cookies or the session id, or it must be messing up something else. I think it's a Chrome issue, not an HFS problem.

Try to recreate this, using the "New Private Window" of Firefox, and tell us if this problem continues.
« Last Edit: February 21, 2016, 05:58:15 AM by LeoNeeson »
HFS in Spanish (HFS en Español) / How to compile HFS (Tutorial)
» Currently taking a break, until HFS v2.4 gets its stable version.


alfablac

Quote
::) I really doubt the so-called 'incognito' mode of Chrome works 100% flawlessly (talking about privacy) as they advertise (that's why I always prefer Firefox to Chrome). Chrome must be saving the cookies or the session id, or it must be messing up something else. I think it's a Chrome issue, not an HFS problem.
Try to recreate this, using the "New Private Window" of Firefox, and tell us if this problem continues.

WTF
Tried it and it didn't ask for login either. O.o
Probably it was recorded from a previous session (yes, it was a private window too).
Don't know if it's my setting. Pretty much bizarre. The IP is fixed. I didn't get this problem on dynamic IPs,
hence my question about the server-sided management.
I'll use a cleaning tool. Might be a cookie from a non-incognito mode messing up the session.

EDIT: Well. Checked the option "Delete cookies after closing Chrome", stopped using adblock on incognito and kicked all idle connections. One of those options worked. Np right now.
« Last Edit: February 27, 2016, 01:56:42 PM by alfablac »


LeoNeeson

Quote
Might be a cookie from a non-incognito mode messing up the session.

Yes, that was the problem. If you have a cookie from a non-incognito mode session, when you use the incognito mode, Chrome uses that cookie from the non-incognito session. That's why "Delete cookies after closing Chrome" is a good option to use when you use the incognito mode. I'm glad you solved the problem... :)


rejetto

Quote
If you have a cookie from a non-incognito mode session, when you use the incognito mode, Chrome uses that cookie from the non-incognito session.

I'd be very surprised if this is true.


rejetto

Quote
TBH, I couldn't find a better place to ask and a better title for the topic,

It's all perfectly fine.

Quote
Are passwords handled by IP (since it didn't ask besides I didn't store cookies)
or by HFS session (because of previous login and I didn't close HFS)?

If I'm not wrong, the password is currently handled in 2 ways in HFS: both the old stupid HTTP authentication, and cookie.
When you use incognito it should not use information not coming from the incognito, and also not save incognito stuff after the browser is closed.
I use Chrome, and Chrome will store incognito stuff until all incognito windows are closed.
The only thing that comes to my mind is that you may not have closed all other incognitos, and so your browser decided to not "forget".
Try completely quitting to be sure.
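
Added example (not part of the thread and not HFS code): the two mechanisms named in the post above, HTTP authentication and a cookie, both travel in the request headers, so a request copied from the browser's network tab shows which one skipped the login prompt. The cookie name `sid`, the host `files.example` and the sample requests are constructed placeholders.

```python
import base64
from http.cookies import SimpleCookie

# Assumption: placeholder cookie name. Read the real one from the server's Set-Cookie header.
SESSION_COOKIE = "sid"

def parse_headers(raw_request):
    """Map lower-cased header names to values for one raw HTTP request."""
    head = raw_request.split("\r\n\r\n", 1)[0]
    headers = {}
    for line in head.split("\r\n")[1:]:  # skip the request line
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().lower()] = value.strip()
    return headers

def credential_carriers(raw_request):
    """Return what in this request could log the client in without a prompt."""
    headers = parse_headers(raw_request)
    found = []
    scheme, _, blob = headers.get("authorization", "").partition(" ")
    if scheme.lower() == "basic" and blob:
        try:
            decoded = base64.b64decode(blob.strip(), validate=True)
            user = decoded.decode("utf-8", "replace").partition(":")[0]
        except ValueError:  # binascii.Error is a ValueError
            user = "<undecodable>"
        found.append(("http-basic", user))
    jar = SimpleCookie()
    jar.load(headers.get("cookie", ""))
    if SESSION_COOKIE in jar:
        # Log only a prefix of the session id; the full value is a credential.
        found.append(("session-cookie", jar[SESSION_COOKIE].value[:4] + "..."))
    return found

# Constructed requests (not captured traffic), shaped like a network-tab export.
_BASIC = base64.b64encode(b"alice:s3cret").decode()
SAMPLES = {
    "fresh private window": "GET /private/ HTTP/1.1\r\nHost: files.example\r\n\r\n",
    "cached basic auth": "GET /private/ HTTP/1.1\r\nHost: files.example\r\n"
                         f"Authorization: Basic {_BASIC}\r\n\r\n",
    "surviving cookie": "GET /private/ HTTP/1.1\r\nHost: files.example\r\n"
                        "Cookie: theme=dark; sid=9f3a77c1e0\r\n\r\n",
}

if __name__ == "__main__":
    for label, request in SAMPLES.items():
        print(f"{label}: {credential_carriers(request) or 'nothing, expect a login prompt'}")
```

An empty result on the first request to a protected folder means the browser sent no stored credential, so a missing prompt would have to come from server-side state rather than from the browser.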


LeoNeeson

Quote
I'd be very surprised if this is true.

Sadly, it has happened to me. I don't use Chrome, I use 'SRWare Iron', which is based on Chromium (the open source version of Chrome). After that, I don't use 'Incognito mode' anymore. If I need something similar to Incognito, I run the portable version of 'SRWare Iron', deleting the unzipped portable folder after I finish. That way, no profile is saved at all. Way better than the Incognito-mode...


rejetto

Leo, I'd say that not-saving is better than deleting.
Deleted stuff can be restored if you don't make proper treatment.


LeoNeeson

Quote
Leo, I'd say that not-saving is better than deleting.
Deleted stuff can be restored if you don't make proper treatment.

It's true. You have to make a proper deletion, but not my case. What I've said is not for browsing in 'sensitive' websites. It was more to avoid being tracked by 'bad' cookies and other trash that Chrome may leave on purpose (to link your 'searches' with your 'email', and other social sites). Because there is a great interest in 'profiling' users all along the web (especially Google, Facebook, etc). That's why if a website has 'share' buttons (not your case), it would be smart to use the 'Social Share Privacy' (jQuery plugin) [you can read more information about this, on that website].
« Last Edit: March 17, 2016, 07:54:14 AM by LeoNeeson »