Auto-login disabled in parallel pages

0 投票
最新提问 用户: (1k 分)

If you have an account with Lloyds Bank, and you log on through their website at https://www.lloydsbank.com/online-banking/home.asp, when opening a separate window on the same website in the same browser, such parallel page does not get logged in as well, and you are required to log in again.

The questions are:

1) At high level, how is it possible to implement such feature in a web product? If they would use cookies to cache the authentication, then it should not matter: the second page should be logged in as straight in, because the browser is sending the same cookies.

2) What are the security flaws behind allowing parallel pages to be opened and logged on in websites?

发表于 用户: (700 分)
That's a technical limitation - exactly because they don't authenticate via cookies - not a feature.

登录 或者 注册 后回答这个问题。

欢迎来到 Security Q&A ,有什么不懂的可以尽管在这里提问,你将会收到社区其他成员的回答。
...