Device Identification failed on firefox 67 beta

CaliOpen / Caliopen

Entry point for Caliopen messaging platform project

GNU Affero General Public License v3.0

316 stars 26 forks source link

Device Identification failed on firefox 67 beta #1379

Open seringue opened 5 years ago

seringue commented 5 years ago

Device Identification failed on firefox 67 beta

Each time I login it tells me that it is a new device, send a mail to verify it.
From thunderbird, I click the link in the mail which opens it in a new tab, asks for login then verify the device.
close the new tab, go back to the pinned one, after a while it asks for login again and then back to step 1.

I don't know if it's a good idea on a security level but if the cookies from previous authorized sessions is there may be it's an authorized device?

cal01

MonsieurLanza commented 5 years ago

The device is identified from data set in localStorage. If firefox is configured to discard local data after each session, Caliopen cannot authentify it next time, as it will create a new device ID & signature key pair.

seringue commented 5 years ago

I don't think this is the case here, I have deactivated anti-tracking for Caliopen in firefox and allowed cookies and local storage in Cookie Autodelete extension. Moreover, even without closing firefox, just disconnect reconnect does it.

cal02

seringue commented 5 years ago

My bad, thought deactivating blocking was also allowing cookies, turns out I also needed a separate authorization for cookies...