The Logout Button on fido.ca does not clear the session (Chrome Browser)

Reply
I'm a Participant Level 3 varulvarul
I'm a Participant Level 3

The Logout Button on fido.ca does not clear the session (Chrome Browser)

Hello,

 

I was trying to logout of my Fido account in order to see the phones in store. The website asks to either upgrade the device or logout from your account if you want to see the Phones section on the website (strange).

 

Anyways... I am logging out but then when I click on the Phones section of the website I get the same popup message asking me to either upgrade my device or logout (I already did the logout)

 

This is a programming bug. When you do the logout the session identifier is not properly cleared from the browser so your session is still active in the background.

I think in order to do a real logout I would need to  clean all the cookies and session junk in my browser.

 

Nobody wants to do that because you lose all sorts of other important history data.

 

The issue is also that if the session_id is not properly destroyed it can also be exploited in maleficent ways.

 

Please revise the issue and let me know if this is the case. I am really concerned about the security risks.

 

Thank you

Accepted Solution

Re: The Logout Button on fido.ca does not clear the session (Chrome Browser

Hi,

 

thank you for the fast reply.

 

It actually worked today. and I did not have to clear my history in the browser.

 

Great. that was a quick fix.

 

When it first happened I tested repeated times, maybe 10, 11 times with browser restart and even PC restart.

In the meanwhile I tried again now and it just worked.

 

thanks

View solution in context
Flag this to a Moderator
Message 1 of 4
210 Views
Moderator
Moderator

Re: The Logout Button on fido.ca does not clear the session (Chrome Browser

Hey @varulvarul!

 

We do understand your concerns and we're looking into this. We'll get back to you as soon as we have an update Smiley

 

 



Flag this to a Moderator
Message 2 of 4
185 Views
Moderator
Moderator

Re: The Logout Button on fido.ca does not clear the session (Chrome Browser

Hey again @varulvarul !

 

Our teams have tried to reproduce this on our end on Google Chrome but we're unable to. Can you test it again and let us know if it continues to happen?

 

Keep us posted, if it does continue to happen we'll send you a PM to look into it further.

 

 

 

 



Flag this to a Moderator
Message 3 of 4
167 Views
Highlighted
I'm a Participant Level 3 varulvarul
I'm a Participant Level 3
Solution

Re: The Logout Button on fido.ca does not clear the session (Chrome Browser

Hi,

 

thank you for the fast reply.

 

It actually worked today. and I did not have to clear my history in the browser.

 

Great. that was a quick fix.

 

When it first happened I tested repeated times, maybe 10, 11 times with browser restart and even PC restart.

In the meanwhile I tried again now and it just worked.

 

thanks

Flag this to a Moderator
Message 4 of 4
154 Views