On Fri, Jan 24, 2014 at 9:07 AM, Alan Pope ㋛ <email address hidden> wrote:
> Public bug reported:
>
> I have a chromium profile just for work. I only login to my canonical
> sites in that profile, and at the end of the working day I close that
> browser, remembering all my tabs so I can carry on where I left off the
> next day.
I do the same, and suffer similarly, except I use ff for work. I have
about ~10 pinned tabs, and they all hit 2fa on restart
> On more than one occasion now I've been prompted to fill in my 2fa code
> when I start the browser in the morning. Not just once though, in every
> single tab - as most tabs will contain a document / spreadsheet / email
> etc that I'm working on.
>
> Two problems exist here:-
>
> 1. I have to enter a 2fa code in every single one, because they've all re-directed and have lost the original url
So, this is result of the combination of using OpenID and having 2fa
authenticated for a limited time. With just password login, which is
valid for a lot longer, this is not a problem (unless you logged
out/deleted cookie - then you'd have the same issue).
To my mind there's not an obvious solution. We use OpenID, which does
these redirects, and we need to have 2fa on a shorter timeout,
otherwise it's kinda pointless.
One thing we could maybe do to mitigate this add a link on the 2fa
page to take you back to the OpenID referrer url you came from,
perhaps. If you have logged in in another tab, then this is a simple
way to get back.
My workaround is that I 2fa in one tab, then hit the back button drop
down menu on other tabs go back a few redirects o the actual url I
wanted. Still a pain though.
Other workarounds include not closing you browser as often (I usually
only do it 1-2 times per week). But that sucks.
Another includes using firefox (and maybe chrome, not sure) and *not*
having pinned tabs. That means tabs are lazily loaded when you switch
to them for the first time in a session, so you can log in on one, and
when you visit the others, you'll be 2fa'ed and there'll be no
problems.
> 2. After I enter the 2fa code in one, it takes me to a different page than was originally in that tab.
Every time? Or just for some sites?
Hmm, this could be a bug in SSO, but is more likely an issue with the
site using SSO not sending the correct return url to SSO in this
situation.
On Fri, Jan 24, 2014 at 9:07 AM, Alan Pope ㋛ <email address hidden> wrote:
> Public bug reported:
>
> I have a chromium profile just for work. I only login to my canonical
> sites in that profile, and at the end of the working day I close that
> browser, remembering all my tabs so I can carry on where I left off the
> next day.
I do the same, and suffer similarly, except I use ff for work. I have
about ~10 pinned tabs, and they all hit 2fa on restart
> On more than one occasion now I've been prompted to fill in my 2fa code
> when I start the browser in the morning. Not just once though, in every
> single tab - as most tabs will contain a document / spreadsheet / email
> etc that I'm working on.
>
> Two problems exist here:-
>
> 1. I have to enter a 2fa code in every single one, because they've all re-directed and have lost the original url
So, this is result of the combination of using OpenID and having 2fa
authenticated for a limited time. With just password login, which is
valid for a lot longer, this is not a problem (unless you logged
out/deleted cookie - then you'd have the same issue).
To my mind there's not an obvious solution. We use OpenID, which does
these redirects, and we need to have 2fa on a shorter timeout,
otherwise it's kinda pointless.
One thing we could maybe do to mitigate this add a link on the 2fa
page to take you back to the OpenID referrer url you came from,
perhaps. If you have logged in in another tab, then this is a simple
way to get back.
My workaround is that I 2fa in one tab, then hit the back button drop
down menu on other tabs go back a few redirects o the actual url I
wanted. Still a pain though.
Other workarounds include not closing you browser as often (I usually
only do it 1-2 times per week). But that sucks.
Another includes using firefox (and maybe chrome, not sure) and *not*
having pinned tabs. That means tabs are lazily loaded when you switch
to them for the first time in a session, so you can log in on one, and
when you visit the others, you'll be 2fa'ed and there'll be no
problems.
> 2. After I enter the 2fa code in one, it takes me to a different page than was originally in that tab.
Every time? Or just for some sites?
Hmm, this could be a bug in SSO, but is more likely an issue with the
site using SSO not sending the correct return url to SSO in this
situation.