On 25/01/2021 12:34, Terry Coles wrote:
> Hi,
>
> I have set up basic protection for my Minster Control Web page using the
> information in the man page for flask-httpauth see:
>
> http://manpages.ubuntu.com/manpages/groovy/man1/flask-httpauth.1.html
>
> My App uses the code in the first example given and works fine, except that
> if I log in to my secured page using Chromium, I am never challenged for the
> password after the first login, even after I have shut down the browser. If I
> log in with Firefox, everything is good, i.e., once logged in, I can re-enter
> the page without being challenged again until I shut down the browser. In
> that instance I am challenged again when I surf to the protected page.
>
> Chromium has not saved the password.
>
> Can anyone explain what is going on and is this likely to be a security issue?

I imagine this will be to do with the cookie and session cookie settings you have set for those browsers. My guess is you have Firefox set to clear them when closed, but not with Chromium.

Whether this is an issue depends on how you judge the situation to be, but also how long it takes for the login cookie to expire. The longer it takes for it to expire, the bigger the risk of someone getting access if they, e.g., pocket someone's device.

Hamish
--
Next meeting: Online, Jitsi, Tuesday, 2021-02-02 20:00
Check to whom you are replying
Meetings, mailing list, IRC, ... http://dorset.lug.org.uk
New thread, don't hijack: mailto:dorset@mailman.lug.org.uk
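
To check what each browser actually sends on a return visit to the protected page, the following added example (not from the thread or from the flask-httpauth documentation) is a standard-library stand-in for a Basic-auth-protected page that logs whether every request carried an `Authorization` header, a `Cookie` header, both or neither. The credentials, realm name and port are constructed placeholders.

```python
import base64
import hmac
from wsgiref.simple_server import make_server

# Constructed demo credentials and realm (assumptions, not from the thread).
USERS = {"demo": "change-me"}
REALM = "Minster Control"

def check_basic(header):
    """Return the username if the Authorization header holds valid Basic credentials."""
    if not header or not header.startswith("Basic "):
        return None
    try:
        user, _, password = base64.b64decode(header[6:]).decode("utf-8").partition(":")
    except (ValueError, UnicodeDecodeError):
        return None
    expected = USERS.get(user)
    # Constant-time comparison; unknown users are compared against an empty string.
    ok = hmac.compare_digest(password.encode(), (expected or "").encode())
    return user if expected is not None and ok else None

def describe(environ):
    """Summarise what the browser sent with this request."""
    return {
        "authorization": bool(environ.get("HTTP_AUTHORIZATION")),
        "cookie": bool(environ.get("HTTP_COOKIE")),
    }

def app(environ, start_response):
    user = check_basic(environ.get("HTTP_AUTHORIZATION"))
    print(f"{environ.get('PATH_INFO')} sent={describe(environ)} user={user}")
    if user is None:
        # No valid credentials on this request: challenge the browser.
        start_response("401 Unauthorized", [
            ("WWW-Authenticate", f'Basic realm="{REALM}"'),
            ("Cache-Control", "no-store"),
            ("Content-Type", "text/plain"),
        ])
        return [b"Authentication required\n"]
    start_response("200 OK", [("Content-Type", "text/plain"),
                              ("Cache-Control", "no-store")])
    return [f"Hello, {user}\n".encode()]

if __name__ == "__main__":
    # Loopback only; visit http://127.0.0.1:8080/ in each browser and watch the log.
    make_server("127.0.0.1", 8080, app).serve_forever()
```

A password prompt appears only when the server answers 401, so a log line showing `authorization: True` on the first request after a browser restart means that browser resent credentials on its own.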