July 2019
Hello,
I was trying to logout of my Fido account in order to see the phones in store. The website asks to either upgrade the device or logout from your account if you want to see the Phones section on the website (strange).
Anyways... I am logging out but then when I click on the Phones section of the website I get the same popup message asking me to either upgrade my device or logout (I already did the logout)
This is a programming bug. When you do the logout the session identifier is not properly cleared from the browser so your session is still active in the background.
I think in order to do a real logout I would need to clean all the cookies and session junk in my browser.
Nobody wants to do that because you lose all sorts of other important history data.
The issue is also that if the session_id is not properly destroyed it can also be exploited in maleficent ways.
Please revise the issue and let me know if this is the case. I am really concerned about the security risks.
Thank you
Solved! Go to Solution.
July 2019
Hey again @varulvarul !
Our teams have tried to reproduce this on our end on Google Chrome but we're unable to. Can you test it again and let us know if it continues to happen?
Keep us posted, if it does continue to happen we'll send you a PM to look into it further.
July 2019
Hi,
thank you for the fast reply.
It actually worked today. and I did not have to clear my history in the browser.
Great. that was a quick fix.
When it first happened I tested repeated times, maybe 10, 11 times with browser restart and even PC restart.
In the meanwhile I tried again now and it just worked.
thanks
July 2019
Hey @varulvarul!
We do understand your concerns and we're looking into this. We'll get back to you as soon as we have an update