2fa prompt on multiple tabs opens incorrect urls
| Affects | Status | Importance | Assigned to | Milestone | |
|---|---|---|---|---|---|
| Canonical SSO provider |
New
|
Undecided
|
Unassigned | ||
Bug Description
I have a chromium profile just for work. I only login to my canonical sites in that profile, and at the end of the working day I close that browser, remembering all my tabs so I can carry on where I left off the next day.
On more than one occasion now I've been prompted to fill in my 2fa code when I start the browser in the morning. Not just once though, in every single tab - as most tabs will contain a document / spreadsheet / email etc that I'm working on.
Two problems exist here:-
1. I have to enter a 2fa code in every single one, because they've all re-directed and have lost the original url
2. After I enter the 2fa code in one, it takes me to a different page than was originally in that tab.
So for example, before shutdown
Tab 1 = email
Tab 2 = calendar
Tab 3 = drive
Tab 4 = document 1
Tab 5 = document 2
etc
When I start in the morning all tabs show 2fa prompt, I go to the first one and enter my code I get a document, go to the second one I get another document, go to the third I get calendar, and so on.
It's very frustrating and the net result is I end up closing _all_ of the tabs and starting all over again
| Simon Davy (bloodearnest) wrote Re: [Bug 1272223] [NEW] 2fa prompt on multiple tabs opens incorrect urls | #1 |
| Alan Pope πΊπ§π± π¦ (popey) wrote | #2 |
On Fri, Jan 24, 2014 at 9:07 AM, Alan Pope γ <email address hidden> wrote:
> Public bug reported:
>
> I have a chromium profile just for work. I only login to my canonical
> sites in that profile, and at the end of the working day I close that
> browser, remembering all my tabs so I can carry on where I left off the
> next day.
I do the same, and suffer similarly, except I use ff for work. I have
about ~10 pinned tabs, and they all hit 2fa on restart
> On more than one occasion now I've been prompted to fill in my 2fa code
> when I start the browser in the morning. Not just once though, in every
> single tab - as most tabs will contain a document / spreadsheet / email
> etc that I'm working on.
>
> Two problems exist here:-
>
> 1. I have to enter a 2fa code in every single one, because they've all re-directed and have lost the original url
So, this is result of the combination of using OpenID and having 2fa
authenticated for a limited time. With just password login, which is
valid for a lot longer, this is not a problem (unless you logged
out/deleted cookie - then you'd have the same issue).
To my mind there's not an obvious solution. We use OpenID, which does
these redirects, and we need to have 2fa on a shorter timeout,
otherwise it's kinda pointless.
One thing we could maybe do to mitigate this add a link on the 2fa
page to take you back to the OpenID referrer url you came from,
perhaps. If you have logged in in another tab, then this is a simple
way to get back.
My workaround is that I 2fa in one tab, then hit the back button drop
down menu on other tabs go back a few redirects o the actual url I
wanted. Still a pain though.
Other workarounds include not closing you browser as often (I usually
only do it 1-2 times per week). But that sucks.
Another includes using firefox (and maybe chrome, not sure) and *not*
having pinned tabs. That means tabs are lazily loaded when you switch
to them for the first time in a session, so you can log in on one, and
when you visit the others, you'll be 2fa'ed and there'll be no
problems.
> 2. After I enter the 2fa code in one, it takes me to a different page than was originally in that tab.
Every time? Or just for some sites?
Hmm, this could be a bug in SSO, but is more likely an issue with the
site using SSO not sending the correct return url to SSO in this
situation.