Author Topic: Server-sided password management  (Read 2009 times)

0 Members and 1 Guest are viewing this topic.

Offline alfablac

  • Occasional poster
  • *
  • Posts: 11
    • View Profile
Server-sided password management
« on: February 18, 2016, 07:32:37 PM »
TBH, I couldn't find a better place to ask and a better title to the topic,
but I accessed one of the password protected folders of my server with incognito mode on a fixed IP connection.
Some days later I accessed the same folder again using the same incognito mode (after closing it) and the same IP.
And it didn't ask for login.
Are passwords handled by IP (since it didn't ask besides I didn't store cookies)
or by HFS session (because of previous login and I didn't close HFS)?

thanks in advance.

Offline bmartino1

  • Tireless poster
  • ****
  • Posts: 848
  • I'm only trying to help i mean no offense.
    • View Profile
    • My HFS Google Drive Shared Link
Re: Server-sided password management
« Reply #1 on: February 20, 2016, 07:27:31 PM »
the login is with in the hfs cookie and the session id, signs like a cookie problem, although, i have used chrome (incognito mode) with protected login credentials, and have never experienced your issue.

are you using a addon in chrome that does stiff to the cookies?

This sounds like something rejeto would need to take a look at, i cant' confirm, but i don't doubt that it has not happend...
there are some fixes to the cookies on the forum, try adding the session to the different template to the house / hfs default template

http://www.rejetto.com/forum/html-templates/troubleshooting-hfs-cookie-issues-on-rename-in-the-default-template/

this is assuming that the error is in the browser and is not making the cookie...
I'm only trying to help i mean no offense.
thank you for your time and patience,
Bmartino1

Offline LeoNeeson

  • Tireless poster
  • ****
  • Posts: 579
  • Solitario...
    • View Profile
    • twitter.com/LeoNeeson
Re: Server-sided password management
« Reply #2 on: February 21, 2016, 05:55:22 AM »
::) I really doubt the so-called 'incognito' mode of Chrome works 100% flawless (talking about privacy) as they advertise (that's why I always prefer Firefox than Chrome). Chrome must be saving the cookies or the session id, or it must be messing something else. I think it's a Chrome issue, not an HFS problem.

Try to recreate this, using the "New Private Window" of Firefox, and say us if this problem continues.
« Last Edit: February 21, 2016, 05:58:15 AM by LeoNeeson »
HFS in Spanish (HFS en Español) / How to compile HFS (Tutorial)
• I'm open to help and share any file you may need (just ask me) ;)

Offline alfablac

  • Occasional poster
  • *
  • Posts: 11
    • View Profile
Re: Server-sided password management
« Reply #3 on: February 27, 2016, 01:50:58 PM »
::) I really doubt the so-called 'incognito' mode of Chrome works 100% flawless (talking about privacy) as they advertise (that's why I always prefer Firefox than Chrome). Chrome must be saving the cookies or the session id, or it must be messing something else. I think it's a Chrome issue, not an HFS problem.

Try to recreate this, using the "New Private Window" of Firefox, and say us if this problem continues.

WTF
Tried and it didn't ask for login too. O.o
Probably it was recorded from a previous session (Yes, it was an private window too).
Don't know if it's my setting. Pretty much bizarre. The IP is fixed. I didn't get this problem on dyamic IPs,
hence my question about the server-sided management.
I'll use a cleaning too. Might be a cookie from a non-incognito mode messing up the session.

EDIT: Well. Checked the option "Delete cookies after closing Chrome", stopped using adblock on incognito and kicked all idle connections. One of that options worked. Np right now.
« Last Edit: February 27, 2016, 01:56:42 PM by alfablac »

Offline LeoNeeson

  • Tireless poster
  • ****
  • Posts: 579
  • Solitario...
    • View Profile
    • twitter.com/LeoNeeson
Re: Server-sided password management
« Reply #4 on: February 28, 2016, 08:39:44 AM »
Might be a cookie from a non-incognito mode messing up the session.
Yes, that was the problem. If you have a cookie from a non-incognito mode session, when you use the incognito mode, Chrome uses that cookie from the non-incognito session. That's why "Delete cookies after closing Chrome" it's a good option to use when you use the incognito mode. I'm glad you solved the problem... :)
HFS in Spanish (HFS en Español) / How to compile HFS (Tutorial)
• I'm open to help and share any file you may need (just ask me) ;)

Offline rejetto

  • Administrator
  • Tireless poster
  • *
  • Posts: 12949
    • View Profile
Re: Server-sided password management
« Reply #5 on: March 06, 2016, 05:39:28 PM »
If you have a cookie from a non-incognito mode session, when you use the incognito mode, Chrome uses that cookie from the non-incognito session.

i'd be very surprised if this is true.

Offline rejetto

  • Administrator
  • Tireless poster
  • *
  • Posts: 12949
    • View Profile
Re: Server-sided password management
« Reply #6 on: March 06, 2016, 05:58:19 PM »
TBH, I couldn't find a better place to ask and a better title to the topic,

it's all perfectly fine

Quote
Are passwords handled by IP (since it didn't ask besides I didn't store cookies)
or by HFS session (because of previous login and I didn't close HFS)?

if i'm not wrong, password is currently handled in 2 ways in HFS: both the old stupid http authentication, and cookie.
When you use incognito it should not use information not coming from the incognito, and also not save incognito stuff after the browser is closed.
I use Chrome, and chrome will store incognito stuff all incognito windows are closed.
The only thing that comes to my mind is that you may not have closed all other incognito's, and so your browser decided to not "forget".
Try complete quitting to be sure.

Offline LeoNeeson

  • Tireless poster
  • ****
  • Posts: 579
  • Solitario...
    • View Profile
    • twitter.com/LeoNeeson
Re: Server-sided password management
« Reply #7 on: March 07, 2016, 07:26:17 AM »
i'd be very surprised if this is true.
Sadly, it has happened to me. I don't use Chrome, I use 'SRWare Iron', which is based on Chromium (the open source version of Chrome). After that, I don't use 'Incognito mode' anymore. If I need something similar to Incognito, I run the portable version of 'SRWare Iron', deleting the unzipped portable folder after I finish. That way, no profile is saved at all. Way better than the Incognito-mode...
HFS in Spanish (HFS en Español) / How to compile HFS (Tutorial)
• I'm open to help and share any file you may need (just ask me) ;)

Offline rejetto

  • Administrator
  • Tireless poster
  • *
  • Posts: 12949
    • View Profile
Re: Server-sided password management
« Reply #8 on: March 15, 2016, 10:12:57 AM »
Leo, i'd say that not-saving is better than deleting.
Deleted stuff can be restored if you don't make proper treatment.

Offline LeoNeeson

  • Tireless poster
  • ****
  • Posts: 579
  • Solitario...
    • View Profile
    • twitter.com/LeoNeeson
Re: Server-sided password management
« Reply #9 on: March 17, 2016, 07:45:44 AM »
Leo, i'd say that not-saving is better than deleting.
Deleted stuff can be restored if you don't make proper treatment.
It's true. You have to make a proper deletion, but not my case. What I've said, it's not for browsing in 'sensitive' websites. It was more to avoid being tracked by 'bad' cookies and other trash that Chrome may leave on purpose (to linking your 'searches' with your 'email', and other social sites). Because is there a great interest in 'profiling' users all along the web (especially, Google, Facebook, etc). That's why if a website have 'share' buttons (not your case), it would be smart to use the 'Social Share Privacy' (jQuery plugin) [you can read more information about this, on that website].
« Last Edit: March 17, 2016, 07:54:14 AM by LeoNeeson »
HFS in Spanish (HFS en Español) / How to compile HFS (Tutorial)
• I'm open to help and share any file you may need (just ask me) ;)