Menu
I set a cookie after authentication and user is able to do stuff after login. If the first browser is left running and another browser thread is opened, then I can go right in bypassing login page.
Apparently the cookie that was set in the first browser during login allows second browser thread to access pages without asking for authentication.
This problem is happening with Firefox. In MS IE, multiple browser threads ask for password.
So it seems in IE, this is default behavior while in Firefox there is need to set something explicitly.
How can I set so that multiple browser threads still ask for password?
Thanks!