clef/clef-wordpress

Security: Session Will Not Timeout When Machine is In Standby

Closed this issue · 6 comments

I discovered today that if a workstation is put into standby (while logged into WP) or a laptop lid is closed, Clef will not end the session.

Steps to recreate:

  1. Log in to WP using Clef
  2. Do work...
  3. Put workstation into standby or close lid on laptop
  4. Let Clef session time out or log out manually using the device app
  5. Log into workstation or laptop (min/hrs/day later)
  6. Continue working in the WP admin area (You're still logged in!)

Tested in Chrome (on Chromebook and Windows) and IE10+

This is a huge security issue that needs the utmost attention.

Looking into this now. This is likely a site-specific issue - can you email us at support@getclef.com so we can investigate?

Hi jessepollak,

It was brought to my attention by a team member, so I tested it on a site I am working on. He is working on another site on separate servers, so it isn't "a site-specific issue". Thanks

Thanks for the additional information. Do these sites share any similar plugins or custom code? Can you share the URLs for their login pages?

Sorry, I am traveling but I can say nothing else is installed on the site I started working with today (still with the Twenty Fifteen

Can you verify that you are logged out when the machine isn't in standby?

Closing as this has not been seen again. Please reopen if it's still an issue.