Avoid 'sso' and 'remember-device' cookies persistence after closing browser

Hi, i'm using FusionAuth 1.36.8 hosted on my own server with hosted login pages for Blazor application.

I have implemented sign-in and sign-out successfully including the inactivity timeout, but i still have one problem to solve: if the user closes the browser and reopens it, the session will still be there unless the JWT has already expired.

I have noticed that the fusionauth.sso and fusionauth.remember-device are set as persistent cookies with an expiration in 2090.

If i manually delete these 2 cookies and close the browser and open it again, the session is gone as i expected and the user is required to authenticate again.

Is there a way to configure the behavior of these cookies?

Thanks

Sorry, after further testing i noticed that if the registration fields are disabled, then the registration process is ignoring them. I had to emulate the disable with "readonly" and some style:

<script type="text/javascript">
window.onload = function () {
	const queryString = window.location.search;
	const urlParams = new URLSearchParams(queryString);
	if (urlParams.has('user.email'))
	{
		document.getElementById("email").readOnly = true;
		document.getElementById("email").style.backgroundColor = "#1e73be";
		document.getElementById("firstName").readOnly = true;
		document.getElementById("firstName").style.backgroundColor = "#1e73be";
		document.getElementById("lastName").readOnly = true;
		document.getElementById("lastName").style.backgroundColor = "#1e73be";
	}
};
</script>

I was able to block the fields on the registration form by adding this javascript to the OAuth Register theme:

<script type="text/javascript">
	window.onload = function () {
		const queryString = window.location.search;
		const urlParams = new URLSearchParams(queryString);
		if (urlParams.has('user.email'))
			{
		        document.getElementById("email").disabled = true;
				document.getElementById("firstName").disabled = true;
				document.getElementById("lastName").disabled = true;
			}
	};
</script>

So if the registration form is used directly it workes as before, but if i'm passing the parameters on the URL from the invitation email, then those fields are pre-populated and blocked.

I also disabled the email verification altogether, so that is not a issue anymore.

Hahaha, i was able to figure out half of it by adding these at the end:

&user.firstName=Anakin&user.lastName=Skywalker&user.email=anakin@tattoine.com

Any ideas for the email verification and potential blocking of the fields?

Hi,

I'm trying to implement an invitation workflow for new users which is triggered from inside my application.

The result is that the invitee receives an email with a link to simply login if the user was previously determined to be in my FusionAuth instance, but if the user does not exist, then the link is to the registration form. Here is an example link:

https://auth.whatevermyappis.com/oauth2/register?tenantId=8537366e-84dc-4711-a465-eadd8cea2f1c&client_id=757504bb-6c14-4913-bb50-608ad5ff46e2&pendingIdPLinkId=&redirect_uri=https%3A%2F%2Fapp.whatevermyappis.com&response_mode=form_post&response_type=code&scope=openid%20profile

I would like to be able to add some additional parameters in the url that would pre-populate some fields on the registration UI, for example, the Email, First Name and Last Name are known to my when the URL is crafted and the invitation email is sent.

It would be even better if those fields would be even better if those fields will be disabled from editing (at least the email) so whichever email was sent by the person doing the invitation will be the same one the end-user will use for registration.

Finally, i would be amazing if a parameter could drive that email is marked as verified since the link was clicked because the email was succesfully received by the end-user.

Please let me know if this is possible, or any workaround already exist, if not, how do i put it as a feature request.

Thanks

Thank you, this worked.

I'm getting the Maintenance Mode Failed error screen and i see the information below in the log file after trying to upgrade from a working instance of version 1.36.0 to version 1.43.0

 MySQL driver is missing but the database configuration is pointing to a MySQL database.

Here is more details about my environment/upgrade process:

• Running on Kubernetes with MySQL being another container on the same cluster
• Everything is working fine on version 1.36.0 so the driver is present and the DB connection is correct
• Originally installed version 1.2x.x and then upgrade to 1.36.0 using Helm
• Tried to upgrade to version 1.43.0 using Helm and got this error, also tried version 1.42.0 and 1.41.0
• If i downgrade back to version 1.36.0 it works fine again
• My Helm repo is the latest:

NAME                    CHART VERSION   APP VERSION     DESCRIPTION
fusionauth/fusionauth   0.12.1          1.42.0          Helm chart for FusionAuth

• My parameters files is based of the latest one from here:

https://raw.githubusercontent.com/FusionAuth/charts/master/chart/values.yaml

• The parameters (for the DB configuration, etc) are the same as before when i upgraded to version 1.36.0
• I tried to download the JAR file but wget is not available on the server and i cannot install it because the user within the container connection is not a root

This is the complete log file:

Defaulted container "fusionauth" out of: fusionauth, wait-for-db (init)
Starting fusionauth-app...
  --> Logging to /usr/local/fusionauth/logs/fusionauth-app.log
2023-02-18 01:24:48.827 PM INFO  io.fusionauth.api.configuration.DefaultFusionAuthConfiguration - Loading FusionAuth configuration file [/usr/local/fusionauth/config/fusionauth.properties]
2023-02-18 01:24:48.943 PM INFO  io.fusionauth.api.configuration.DefaultFusionAuthConfiguration - Dynamically set property [fusionauth-app.url] set to [http://10.1.188.223:9011]
2023-02-18 01:24:48.947 PM INFO  com.inversoft.configuration.BasePropertiesFileInversoftConfiguration -
  - Overriding default value of property [database.mysql.enforce-utf8mb4] with value [true]
  - Overriding default value of property [FUSIONAUTH_APP_RUNTIME_MODE] with value [production]
  - Overriding default value of property [SEARCH_TYPE] with value [database]

2023-02-18 01:24:49.134 PM INFO  io.fusionauth.api.configuration.DefaultFusionAuthConfiguration - Loading FusionAuth configuration file [/usr/local/fusionauth/config/fusionauth.properties]
2023-02-18 01:24:49.137 PM INFO  io.fusionauth.api.configuration.DefaultFusionAuthConfiguration - Dynamically set property [fusionauth-app.url] set to [http://10.1.188.223:9011]
2023-02-18 01:24:49.141 PM INFO  com.inversoft.configuration.BasePropertiesFileInversoftConfiguration -
  - Overriding default value of property [database.mysql.enforce-utf8mb4] with value [true]
  - Overriding default value of property [FUSIONAUTH_APP_RUNTIME_MODE] with value [production]
  - Overriding default value of property [SEARCH_TYPE] with value [database]

2023-02-18 01:24:49.577 PM INFO  com.inversoft.maintenance.DefaultMaintenanceModeWorkflow -

---------------------------------------------------------------------------------------------------------
---------------------------------- Entering Silent Configuration Mode -----------------------------------
---------------------------------------------------------------------------------------------------------

2023-02-18 01:24:49.579 PM ERROR com.inversoft.maintenance.db.DatabaseSilentModeWorkflowTask - Encountered an error while running silent mode
java.lang.IllegalStateException: MySQL driver is missing but the database configuration is pointing to a MySQL database.
        at com.inversoft.maintenance.db.JDBCMaintenanceModeDatabaseService.lockDatabase(JDBCMaintenanceModeDatabaseService.java:291)
        at com.inversoft.maintenance.db.DatabaseSilentModeWorkflowTask.perform(DatabaseSilentModeWorkflowTask.java:43)
        at com.inversoft.maintenance.DefaultMaintenanceModeWorkflow.performSilentConfiguration(DefaultMaintenanceModeWorkflow.java:47)
        at com.inversoft.maintenance.BaseMaintenanceModePrimeMain.modules(BaseMaintenanceModePrimeMain.java:70)
        at org.primeframework.mvc.BasePrimeMain.hup(BasePrimeMain.java:69)
        at org.primeframework.mvc.BasePrimeMain.start(BasePrimeMain.java:100)
        at io.fusionauth.app.FusionAuthMain.main(FusionAuthMain.java:27)
2023-02-18 01:24:51.044 PM INFO  io.fusionauth.api.configuration.DefaultFusionAuthConfiguration - Loading FusionAuth configuration file [/usr/local/fusionauth/config/fusionauth.properties]
2023-02-18 01:24:51.048 PM INFO  io.fusionauth.api.configuration.DefaultFusionAuthConfiguration - Dynamically set property [fusionauth-app.url] set to [http://10.1.188.223:9011]
2023-02-18 01:24:51.051 PM INFO  com.inversoft.configuration.BasePropertiesFileInversoftConfiguration -
  - Overriding default value of property [database.mysql.enforce-utf8mb4] with value [true]
  - Overriding default value of property [FUSIONAUTH_APP_RUNTIME_MODE] with value [production]
  - Overriding default value of property [SEARCH_TYPE] with value [database]

2023-02-18 01:24:51.810 PM INFO  com.inversoft.maintenance.MaintenanceModePoller - Poller started to Wait for configuration to be completed.
2023-02-18 01:24:51.818 PM INFO  io.fusionauth.app.primeframework.FusionHTTPContextAuthSetup - Initializing the FusionAuth HTTP Context.
2023-02-18 01:24:51.848 PM INFO  org.primeframework.mvc.PrimeMVCRequestHandler - Initializing Prime
2023-02-18 01:24:51.850 PM INFO  org.primeframework.mvc.PrimeMVCRequestHandler - Initializing Prime
2023-02-18 01:24:51.852 PM INFO  io.fusionauth.http.server.HTTPServer - Starting the HTTP server. Buckle up!
2023-02-18 01:24:51.881 PM INFO  io.fusionauth.http.server.HTTPServer - HTTP server listening on port [9011]
2023-02-18 01:24:51.882 PM INFO  io.fusionauth.http.server.HTTPServer - HTTP server started successfully
2023-02-18 01:24:51.883 PM INFO  io.fusionauth.http.server.HTTPServer - Starting the HTTP server. Buckle up!
2023-02-18 01:24:51.884 PM INFO  io.fusionauth.http.server.HTTPServer - HTTP server listening on port [9012]
2023-02-18 01:24:51.885 PM INFO  io.fusionauth.http.server.HTTPServer - HTTP server started successfully

Please help.

Thanks

@dan Thanks for your reply. I'm already using the logout endpoint to perform the user-initiated logout and also the automatic logout based on user inactivity.

My issue is that if the user closes the browser, the session is still valid and if you open the browser again you will be able to use the application which you had previously "closed" (but not logged out).

I'm looking for a way to convert these cookies into non-persistent cookies so the user will be forced to login again everytime -- i know this user experience implications, but this is part of my requirements.

Thanks.

Hi, i'm using FusionAuth 1.36.8 hosted on my own server with hosted login pages for Blazor application.

I have implemented sign-in and sign-out successfully including the inactivity timeout, but i still have one problem to solve: if the user closes the browser and reopens it, the session will still be there unless the JWT has already expired.

I have noticed that the fusionauth.sso and fusionauth.remember-device are set as persistent cookies with an expiration in 2090.

If i manually delete these 2 cookies and close the browser and open it again, the session is gone as i expected and the user is required to authenticate again.

Is there a way to configure the behavior of these cookies?

Thanks