Taking advantage of the realtime connection, provide the following session control tools:
Lock the session: Just like locking a computer screen.
1.5 Step verification: Send an SMS to resume the suspended session:
Suspended Session: If the user closed his tab/browser/computer, there is no way to get a heartbeat to the server. At this point, <<<< session is vulnerable to any hijacking attack >>>> where the attacker may hijack the user's session and log in to the system as the user until the user comes back again. When the user comes back while the attacker is still logged in to the system, both sessions will be dropped and this incident will be reported on the server side.
Locked Session: If the user intentionally locks the session by pressing a button in the page, or the "Inactivity watchdog" has locked the screen, then all communication will be paused at the server side as if the user had securely closed his session, but a modal window will stay open which asks for your password to resume the communication. In this case, the user's session cannot be hijacked.
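
One way to model the suspended, locked and drop-both behaviours described above on the server side, as an added example that is not part of the issue or the project's code. `SessionGuard`, its method names, the 15-second timeout and the injected `checkPassword`/`checkSmsCode` verifiers are all assumptions.

```javascript
// Added example, not project code. Names and the timeout value are assumptions.
const TIMEOUT_MS = 15000;
class SessionGuard {
  // checkPassword / checkSmsCode stand in for the application's real verifiers.
  constructor(connId, now, { checkPassword, checkSmsCode = null }) {
    Object.assign(this, { connId, checkPassword, checkSmsCode, lastBeat: now });
    this.state = 'active'; // active | suspended | locked | dropped
    this.incidents = [];
  }
  // "Suspended": heartbeats from the bound connection have stopped.
  tick(now) {
    const stale = now - this.lastBeat > TIMEOUT_MS;
    if (this.state === 'active' && stale) this.state = 'suspended';
    return this.state;
  }
  heartbeat(connId, now) {
    if (this.tick(now) !== 'active' || connId !== this.connId) return false;
    this.lastBeat = now;
    return true;
  }
  // A connection presents the session token.
  attach(connId, now, smsCode = null) {
    const state = this.tick(now);
    if (state === 'active' && connId !== this.connId) {
      // Same token on two live connections: drop both and report.
      this.incidents.push({ at: now, conns: [this.connId, connId] });
      Object.assign(this, { state: 'dropped', connId: null });
      return false;
    }
    if (state === 'suspended') {
      // Resume is gated by the SMS code when a verifier is configured.
      if (this.checkSmsCode && !this.checkSmsCode(smsCode)) return false;
      Object.assign(this, { state: 'active', connId, lastBeat: now });
      return true;
    }
    return state === 'active'; // locked and dropped sessions accept no one
  }
  lock(connId) {
    if (this.state !== 'active' || connId !== this.connId) return false;
    this.state = 'locked';
    return true;
  }
  unlock(connId, password, now) { // only the connection showing the lock modal
    if (this.state !== 'locked' || connId !== this.connId) return false;
    if (!this.checkPassword(password)) return false;
    Object.assign(this, { state: 'active', lastBeat: now });
    return true;
  }
}
```

Time is passed in explicitly so the transitions can be replayed deterministically; a server would call `tick` from a timer and `lock` from both the page button and the inactivity watchdog.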