S
Shaun Wilde
I am authenticating users to a site using client certificates and all is well
except for a few issues.
#1) Once a browser has been challenged, if the user leaves the site in the
same browser and then returns the browser isn't recallenged even if the
session has expired. Is there a way to force a rechallenge?
#2) If I want to use the certificate to sign some data I'd like the user to
present the password again to their certificate (to avoid the popped to
toilet security scenario), this is for critical processes.
I tried opening up child windows etc however it seems that parent/child
windows share this authentication information by default and I can't see how
to stop that?
Thankx
Shaun Wilde
except for a few issues.
#1) Once a browser has been challenged, if the user leaves the site in the
same browser and then returns the browser isn't recallenged even if the
session has expired. Is there a way to force a rechallenge?
#2) If I want to use the certificate to sign some data I'd like the user to
present the password again to their certificate (to avoid the popped to
toilet security scenario), this is for critical processes.
I tried opening up child windows etc however it seems that parent/child
windows share this authentication information by default and I can't see how
to stop that?
Thankx
Shaun Wilde