held session cookies
under review
John Messina
I noticed that if I close the browser without logging out, I can return to the tithe.ly site and remain logged in. It appears that the session cookies are being saved, which is a security risk for users accessing the site on a shared computer. Please consider timing out the login and invalidating the cookie to prevent unauthorized access.
John Messina
Here are a couple of other things to fix as well with the code used to embed into the web site. 1) Once logged in, any subsequent access to the function through the "Give" button only asks for the PIN. Unless you actually log out, you're never asked for the username/password. Therefore, 2 factor authentication is reduced to 1 factor. 2) On Firefox, the PIN is visible as it is being entered. Chrome produces dots when entering the PIN.
Adam Barry
under review
Adam Barry
Thanks for the feedback John Messina. We'll take a look into this.