FusionAuth

    Disabling back button in the browser.

    • chakshu

      We at Samagra are working with the Indian State Government. As a mandate, we are required to have a security audit for our entire tech stack. FusionAuth, being part of it, also needs to be audited. We are facing a couple of issues here:

      1. The admin session does not log itself out after the specified period in Tenant => OAuth. We have specified it for 60 seconds. Is there any way I can debug this?

      2. They are asking us to disable the back button on the browser for all sensitive pages including users, tenants, etc. The attack vector here is the browser itself. Since we are not able to add additional JS on the pages that are not managed by themes, we are finding it a bit difficult.

      We are okay with Enterprise support as well if this is a feature that is provided to enterprise customers.

      Thanks.

      • dan

        re: #1, please see my answer here: https://fusionauth.io/community/forum/topic/12/can-i-configure-the-inactivity-timeout-of-the-fusionauth-session-cookie?_=1610490171675

        re: #2 I forwarded your message on to the team and someone should be reaching out about support options.

        Thanks!

        --
        FusionAuth - Auth for devs, built by devs.
        https://fusionauth.io
