FusionAuth
    • Home
    • Categories
    • Recent
    • Popular
    • Pricing
    • Contact us
    • Docs
    • Login
    1. Home
    2. chakshu
    3. Posts
    C
    • Profile
    • Following 0
    • Followers 0
    • Topics 2
    • Posts 6
    • Best 0
    • Controversial 0
    • Groups 0

    Posts made by chakshu

    • Disabling back button in the browser.

      We at Samagra are working with the Indian State Government. As a mandate, we are required to have a security audit for all our tech stack. FusionAuth being part of it also requires to be audited. We are facing a couple of issues here,

      1. The admin session does not log out itself after the specified period in Tenant => OAuth. We have specified it for 60 seconds. Is there any way I can debug this?

      2. They are asking us to disable the back button on the browser for all sensitive pages including users, tenants, etc. The attack vector here is the browser itself. Since we are not able to add additional JS on the pages that are not managed by themes, we are finding it a bit difficult.

      We are okay with Enterprise support as well if this is a feature that is provided to enterprise customers.

      Thanks.

      posted in General Discussion
      C
      chakshu
    • RE: Can I configure the inactivity timeout of the FusionAuth Session cookie?

      @dan said in Can I configure the inactivity timeout of the FusionAuth Session cookie?:

      Session Timeout

      I tried doing that for the admin user with a one-minute timeout. It wasn't logging me out for inactivity. I haven't created an application and I was using other tabs for quite some time.

      posted in Q&A
      C
      chakshu
    • RE: Can I configure the inactivity timeout of the FusionAuth Session cookie?

      @dan Yes exactly that.

      posted in Q&A
      C
      chakshu
    • RE: Can I configure the inactivity timeout of the FusionAuth Session cookie?

      Can we control the auto-logout time for the admin as well?

      posted in Q&A
      C
      chakshu
    • RE: Search Limitations and Bypassing them.

      Also there is an issue of the query that FA uses to get the results from PSQL. So there is limit of ~32k even if elastic search is not the limiting factor. https://stackoverflow.com/questions/1009706/postgresql-max-number-of-parameters-in-in-clause.

      posted in General Discussion
      C
      chakshu
    • Search Limitations and Bypassing them.

      I am trying to get all the phone numbers of users for a group, to send them notifications. The number of users are in the range of 1-2 Million. I have a couple of questions,

      • Is FA the best place to have such time of queries or should I create a pipeline and publish updates elsewhere?
      • Is there an API planned which can allow me to get users data with specific fields - name, phone number or just the data field?
      • Is it advisable to modify elastic search to index only certain properties and get results directly from there without fetching the database - Bypassing FA APIs? (I have updated the index.max_result_window to the number of results that I am expecting). Is there is way to make those queries through FA?
      posted in General Discussion
      C
      chakshu