web interface credentials surviving a reboot when using Firefox and IE

Business solution to host your own OpenVPN server with web management interface and bundled clients.
Post Reply
bthurber
OpenVpn Newbie
Posts: 15
Joined: Thu May 25, 2017 12:21 pm

web interface credentials surviving a reboot when using Firefox and IE

Post by bthurber » Thu Jun 15, 2017 1:40 pm

If users log into the OpenVPN AS web interface using Firefox or IE and login then reboot and go back to the OpenVPN AS web interface using those browsers they are still logged in. Is this intended behavior? It doesn't seem as secure as most would like.

Repro steps
* Login to Windows
* Open Firefox
* Browse to https://vpn.companyname.com
* Enter Username/Password select Connect drop-down and click Go
* User is logged in and asked for their Google Authenticator code
* Restart Windows
* Open Firefox
* Browse to https://vpn.companyname.com

The user sees the logged in screen with "Connect" and "Logout" buttons as well as the option to download a client and a user-locked profile

We are NOT seeing this issue with Google Chrome - users are forced to login again after reboot.

Post Reply