Bug #4564
Closed
Registration page blocked on private browser windows
0%
Description
Yesterday I wanted to send someone a link to the CAC registration page, but I was already logged in. So I opened a private browser window to start a non-logged in session and clicked "Register." When I did, I hit a 403 error (screenshot attached).
I am assuming we are blocking access for security reasons. Or maybe Lihua instituted something and we are not aware. In any case, it would be nice if the server could provide a more explicit error message. What do you think? Maybe this isn't a common use case and we can ignore it.
Updated by Boone Gorges over 8 years ago
- Status changed from Assigned to Reporter Feedback
Access is not blocked for private browsers per se. However, access to /register/ is blocked for clients that don't have our secret cookie. The cookie is created during a normal visit to any regular page of the Commons (such as the front page). So if you're opening a private browsing session (in which all your normal browser cookies are ignored), and navigate immediately to /register/, you'll be blocked. However, if you open the private browsing session and navigate first to a normal Commons page before going to /register/, it should work. Could you please verify that this is the case?
This block is in place for security reasons - it prevents most botnet attacks on /register/. If you can confirm that my description above is correct, then I think we should leave this in place, as the workflow described there is very atypical.
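A minimal sketch of the cookie gate described in the comment above, as an added example that is not the Commons' own code. The cookie name, signing key, lifetime and the HMAC-signed timestamp format are all assumptions, since the ticket does not say how the real cookie is built; the 403 body shows the more explicit message the reporter asked about.

```python
import hashlib
import hmac
import time

# Assumed values for illustration only; none of these come from the ticket.
COOKIE_NAME = "gate_token"
SECRET_KEY = b"constructed-demo-key"
MAX_AGE = 3600  # seconds a token stays valid


def _sign(ts):
    return hmac.new(SECRET_KEY, ts.encode(), hashlib.sha256).hexdigest()


def issue_token(now=None):
    """Return 'timestamp.signature', handed out as a cookie on regular pages."""
    ts = str(int(time.time() if now is None else now))
    return f"{ts}.{_sign(ts)}"


def token_is_valid(token, now=None):
    """Check signature and age; missing or malformed tokens are invalid."""
    now = time.time() if now is None else now
    ts, sep, sig = (token or "").partition(".")
    if not sep or not (ts.isascii() and ts.isdigit()):
        return False
    # Constant-time comparison on bytes, so odd input cannot raise.
    if not hmac.compare_digest(sig.encode(), _sign(ts).encode()):
        return False
    return 0 <= now - int(ts) <= MAX_AGE


def handle(path, cookies, now=None):
    """Return (status, body, cookies_to_set) for one request."""
    if path.rstrip("/") == "/register":
        if token_is_valid(cookies.get(COOKIE_NAME), now):
            return 200, "registration form", {}
        # Explicit message instead of a bare 403.
        return 403, "Please open the home page first, then return to /register/.", {}
    # Any regular page sets the cookie.
    return 200, "regular page", {COOKIE_NAME: issue_token(now)}


if __name__ == "__main__":
    jar = {}  # fresh private window: no cookies yet
    print(handle("/register/", jar)[0])  # direct visit is blocked
    jar.update(handle("/", jar)[2])      # front page sets the cookie
    print(handle("/register/", jar)[0])  # now allowed
```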
Updated by Matt Gold over 8 years ago
- Status changed from Reporter Feedback to Rejected
Thanks for the explanation, and okay -- yes -- confirmed that when starting from the CAC homepage on a private window, I can access the Registration page.