Connect. Communicate. Collaborate. Securely.

Home » Kerio User Forums » Kerio Connect » Kerio WEB Mail Security Issue?!
  •  
bruggles

Messages: 125
Karma: 1
Send a private message to this user
Have observed that when in WEBMAIL and Reminder window is minimized that one can select LOG OUT button in the WEBMAIL interface however this does not close the users reminder Window.

When this is done a user only then needs to reconnect to the WEBSERVER and they are not challenged with username and password to log back in.

I could see this as a possible security issue for a user at a Public Kiosk as a user in a hurry could leave the system and leave their account accessible.

Is there any plans to fix this in future release?

TIA?
  •  
Pavel Dobry (Kerio)

Messages: 5245
Karma: 251
Send a private message to this user
Are you able to reproduce it or it is a "guess"? What browser do you use? By logging out from the Webmail all sessions are destroyed. Opening WebMail is forcing you to log in. Moreover, the reminder window became non-functional as any subsequent request to the server ends with response "Your session has expired. You must login again.".

So, there is no security issue. You cannot reconnect to Webmail after logging out even if you keep some browser window open.
  •  
bruggles

Messages: 125
Karma: 1
Send a private message to this user
My apolgies I just met with the user and stand corrected, What we are seeing is if the user closes the browser Windows using the X without selecting LOGOUT button AND if there is a reminder window open and minimized then the session remains active.

So my question is why does closing the WEBMAIL browser Window using the X not Log the person off WEBMAIL and not close the Reminder Window.

We are using HTTPS and the browser is Firefox 3.6.9, is there possibly a setting in Firefox that would force termation of the connection?

TIA
  •  
Pomodoro

Messages: 8
Karma: 0
Send a private message to this user
in Firefox 3.6.9

Tools - Options - Privacy and check the "Clear history when Firefox closes". In the "Settings", make sure "Cache" is checked, and any other options that you want to clear out when Firefox closes.


[Updated on: Fri, 17 September 2010 09:11]

  •  
bruggles

Messages: 125
Karma: 1
Send a private message to this user
Super and Many Thanks!! Smile
  •  
marook

Messages: 520

Karma: 3
Send a private message to this user
Pomodoro wrote on Fri, 17 September 2010 09:10
in Firefox 3.6.9
Tools - Options - Privacy and check the "Clear history when Firefox closes". In the "Settings", make sure "Cache" is checked, and any other options that you want to clear out when Firefox closes.


But that does not solve the issue on a PUBLIC machine! Only the ones you control....

It should be possible to add a script that logs out the user when the window is closed. And even closes the Reminder window as well.

Anyway, as setting to not show the damn reminder window all the time would also be nice!

Regards,

Jakob Peterhänsel
Consultant - Humac A/S

Apple Certified Support Professional (ACSP)
Apple Certified Technical Coordinator (ACTC)
AppleSeed/CQF member since 1998
Kerio Messaging Partner
  •  
winkelman

Messages: 2119
Karma: 3
Send a private message to this user
I try to educate my users to click the Logout link before closing the browser, but this is an uphill struggle.Users are just not willing to learn behavior that is not intermediately rewarding to them. Little kids they are! Wink

The question is: is it at all possible to have the page perform actions when the browser is closed? You could argue (from a browser/OS point of view), that a web page should NOT be allowed to do anything anymore when the user closes the window with the red X.

If it IS possible: it would be a nice feature that Webmail quickly and quietly properly logs out the user when (s)he closes the (main) Webmail window. I don't think even 10% of my users do this properly by themselves...
Previous Topic: Directory users and local users in the same group
Next Topic: why my company pays for this
Goto Forum:
  


Disclaimer:
Kerio discussion forums are intended for open communication between forum members and may contain information and material posted by members which may be useful in learning about Kerio products. The discussion forums are not intended to provide technical support for any specific product. Any information implied or expressed in the discussion forums is that of the posting member. Kerio is in no way responsible for the information posted in the forums, or its accuracy. Kerio employees may participate in the discussions, but their postings do not represent an offical position of the company on any issues raised or discussed. Kerio reserves the right to monitor and maintain the forums to promote free and accurate exchange of information.

Current Time: Sat Nov 18 07:05:02 CET 2017

Total time taken to generate the page: 0.00537 seconds
.:: Contact :: Home ::.
Powered by: FUDforum 3.0.4.