Disabling back button in the browser.



  • We at Samagra are working with the Indian State Government. As a mandate, we are required to have a security audit for all our tech stack. FusionAuth, being part of it, also needs to be audited. We are facing a couple of issues here:

    1. The admin session does not log itself out after the specified period in Tenant => OAuth. We have specified it for 60 seconds. Is there any way I can debug this?

    2. They are asking us to disable the back button on the browser for all sensitive pages including users, tenants, etc. The attack vector here is the browser itself. Since we are not able to add additional JS on the pages that are not managed by themes, we are finding it a bit difficult.

    We are okay with Enterprise support as well if this is a feature that is provided to enterprise customers.

    Thanks.



  • re: #1, please see my answer here: https://fusionauth.io/community/forum/topic/12/can-i-configure-the-inactivity-timeout-of-the-fusionauth-session-cookie?_=1610490171675

    re: #2 I forwarded your message on to the team and someone should be reaching out about support options.

    Thanks!

