Bypasing authentication after cookie set. How to fix?

@ploceusMar 20.2008

I set a cookie after authentication and user is able to do stuff after login. If the first browser is left running and another browser thread is opened, then I can go right in bypassing login page.

Apparently the cookie that was set in the first browser during login allows second browser thread to access pages without asking for authentication.
This problem is happening with Firefox. In MS IE, multiple browser threads ask for password.

So it seems in IE, this is default behavior while in Firefox there is need to set something explicitly.

How can I set so that multiple browser threads still ask for password?

Thanks!

to post a comment

PHP

Success!

Help @ploceus spread the word by sharing this article on Twitter...

Tweet This

about: ({
version: 0.1.9 — BETA 6.18,
whats_new: community page,
up_next: more Davinci•003 tasks,
coming_soon: events calendar,
social: @webDeveloperHQ
});

legal: ({
terms: of use,
privacy: policy
});

changelog: (
version: 0.1.9,
notes: added community page

version: 0.1.8,
notes: added Davinci•003

version: 0.1.7,
notes: upvote answers to bounties

version: 0.1.6,
notes: article editor refresh
)...

recent_tips: (
tipper: @nearjob,
tipped: article
amount: 1000 SATS,

tipper: @meenaratha,
tipped: article
amount: 1000 SATS,

tipper: @meenaratha,
tipped: article
amount: 1000 SATS,
)...

Bypasing authentication after cookie set. How to fix?

0Be the first to comment 😎

Also in #PHP _↴

Success!

Social

Version

Bypasing authentication after cookie set. How to fix?

0Be the first to comment 😎

Also in #PHP ↴

Success!

The web is an endless sea of information. Don't miss the boat... Subscribe!

Social

Version

Also in #PHP _↴