Option to share session data between selected services #1084
Comments
I'm going to second this. I was just sucking it up, but now my company requires us to re-login every 12 hours and it has become enough of a pain to do this across multiple services each day that I probably lose more time using Ferdium than I would just having all of the tabs open in a normal browser window.
Sorry - this will not happen since we want to uphold the security stance from the past. Sharing session data across tabs directly violates our architectural choices.
I am sorry, but this is a bad decision. Having to log in to the same IdP several times creates bad user behaviour - weak passwords, MFA workarounds etc. The psychological factors make this a less secure setup.
Hello, I know it is closed, but please @vraravam reconsider this. I think @ravager-dk is right with his argument. Furthermore, this should be a user decision. You are forcing your decision/way of working on everyone else, and I think this is not a good solution. I can decide on my own if I want to share the session data with several apps or not. Best
@ravager-dk + @maddin79 - anyone is welcome to dive into the code and provide such an implementation as you want. This is an open source project, contributed to by unpaid volunteers. Based on choices made by the contributors in the past, the decision was that this is a bad choice and will not be implemented. If you want to, you can definitely raise a PR with the fix that you are suggesting.
@vraravam Thank you for the fast response, and you are right, it is open source and everyone can do this. In my case, I unfortunately do not have the time to contribute to this and I'm a simple user.
Sorry - similar to you, I do not have time to contribute more than the current contributions. As you can see, other contributors are also stepping back and only doing the bare minimum they can (good for them!).
Hello! I've been working on a feature for Ferdium that actually tackles this issue. As my time is short now, I haven't been able to push it further but possibly in the future I can work on this. I have tested sending session data from a computer using Ferdium to a new computer with a new Ferdium install and it worked fine. I'm working now on a way to encrypt/decrypt data (can't remember if I achieved this already but possibly yes) and some general fixes as well (for instance, auto-rebooting the app after loading the services from the other install). As @vraravam states, security-wise, this might be concerning, given the fact that we are using the same session across different devices (and, overall, losing control of which session is active and where). But if this is something several users want, I can push it forward nevertheless. All the data is sent and received by Ferdium clients through a websocket connection to Ferdium Server. I can assure I'll make it work in a way to guarantee that Ferdium server will NEVER store any user sensitive data. And, in the case that there is a man-in-the-middle attack for some reason, the data is encrypted using end-to-end encryption, so there is no way of anyone encrypting the data without knowing the RSA private certificate generated by the receiving client.
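Added example (not part of the thread and not Ferdium code): one common way to get the relay-cannot-read property described in the comment above is a hybrid envelope, where the session blob is encrypted with a one-time AES-256-GCM key and only that key is wrapped with the receiving client's RSA public key. The function names, envelope fields and sample session string are assumptions made for this sketch.

```javascript
const crypto = require('node:crypto');

const OAEP = { padding: crypto.constants.RSA_PKCS1_OAEP_PADDING, oaepHash: 'sha256' };

// Receiving client: generates the key pair; only the public key leaves the device.
function newReceiverKeys() {
  return crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
}

// Sending client: fresh AES-256-GCM key per transfer, wrapped with RSA-OAEP.
// RSA alone cannot encrypt a blob larger than its modulus, hence the hybrid scheme.
function sealSession(sessionJson, receiverPublicKey) {
  const key = crypto.randomBytes(32);
  const iv = crypto.randomBytes(12);
  const cipher = crypto.createCipheriv('aes-256-gcm', key, iv);
  const ct = Buffer.concat([cipher.update(sessionJson, 'utf8'), cipher.final()]);
  return {
    wrappedKey: crypto.publicEncrypt({ key: receiverPublicKey, ...OAEP }, key).toString('base64'),
    iv: iv.toString('base64'),
    tag: cipher.getAuthTag().toString('base64'),
    ct: ct.toString('base64'),
  };
}

// Receiving client: unwrap the AES key, then decrypt. A modified envelope or a
// different private key makes this throw instead of returning altered data.
function openSession(env, receiverPrivateKey) {
  const key = crypto.privateDecrypt(
    { key: receiverPrivateKey, ...OAEP }, Buffer.from(env.wrappedKey, 'base64'));
  const d = crypto.createDecipheriv('aes-256-gcm', key, Buffer.from(env.iv, 'base64'));
  d.setAuthTag(Buffer.from(env.tag, 'base64'));
  return Buffer.concat([d.update(Buffer.from(env.ct, 'base64')), d.final()]).toString('utf8');
}

// Constructed sample: the relay server would only ever see `envelope`.
const receiver = newReceiverKeys();
const envelope = sealSession('{"cookie":"constructed-sample"}', receiver.publicKey);
console.log(Object.keys(envelope), openSession(envelope, receiver.privateKey));
```

The envelope protects the data only if the sending client obtains the receiver's public key in a way the relay cannot alter, for example by comparing a fingerprint on both devices.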
For me at least, sending session data between clients is not a desired solution. I would prefer it just with the same client across select services.
@SpecialAro For me it also seems like this is a bit of a different use case. The problem described here is more about sharing the session data between services in the same installation. But maybe your work is helpful to implement this feature?
@SpecialAro That looks not too complicated. I had a peek at the code, but I'm not familiar with the framework used. If someone points me to the right code and could give me a link where a brief explanation of the framework is given, I'll give it a try.
I'm re-opening this issue as I've been experimenting and I almost have a final working version that allows multi-sandboxes (not only one per service, but you can now group services in the same sandbox so they share session data). Or, even better (or worse, from a security POV) disable sandboxing completely and have all services on one single partition. I'm just finalizing UI/UX related stuff (it's terrible but functional... Dark theme does not work properly with MUI, working on that ATM) but once I finish I'll raise a PR 😁
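Added example (not part of the thread and not the code of the PR mentioned above): a sketch of the three sandboxing modes the comment describes, expressed as Electron partition strings, plus an audit helper that lists which services end up sharing one cookie jar. It relies on the Electron behaviour that sessions created with the same `persist:<name>` partition share cookies and storage; the mode names, config shape, partition naming and service ids are assumptions.

```javascript
// Hypothetical mode names and config shape, chosen for this sketch.
const ISOLATED = 'isolated'; // one partition per service
const GROUPED = 'grouped';   // services in the same group share a partition
const SHARED = 'shared';     // sandboxing disabled: one partition for everything

function resolvePartitions(services, { mode = ISOLATED, groups = {} } = {}) {
  // Reverse index: service id -> group name. Ambiguous membership is rejected
  // so a service can never silently land in a wider jar than intended.
  const groupOf = new Map();
  for (const [group, ids] of Object.entries(groups)) {
    if (!/^[a-z0-9-]+$/.test(group)) throw new Error(`bad group name: ${group}`);
    for (const id of ids) {
      if (groupOf.has(id)) throw new Error(`service ${id} is in two groups`);
      groupOf.set(id, group);
    }
  }
  const out = new Map();
  for (const { id } of services) {
    let partition = `persist:service-${id}`; // default: isolated
    if (mode === SHARED) partition = 'persist:shared';
    else if (mode === GROUPED && groupOf.has(id)) {
      partition = `persist:group-${groupOf.get(id)}`;
    }
    out.set(id, partition);
  }
  return out;
}

// Audit view: every partition used by more than one service, i.e. the sets of
// services that can read each other's session cookies.
function sharedJars(partitions) {
  const jars = new Map();
  for (const [id, p] of partitions) jars.set(p, [...(jars.get(p) || []), id]);
  return [...jars.entries()].filter(([, ids]) => ids.length > 1);
}

// Constructed sample: two services behind one SSO login, one unrelated chat service.
const services = [{ id: 'gmail' }, { id: 'gcal' }, { id: 'chat' }];
const partitions = resolvePartitions(services, {
  mode: GROUPED,
  groups: { 'work-sso': ['gmail', 'gcal'] },
});
console.log(Object.fromEntries(partitions), sharedJars(partitions));
```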
@SpecialAro Hey, that is awesome. Looking forward to testing this. Thank you very much for your effort.
Preflight Checklist
Problem Description
Having to log into multiple services that use the same account is tedious, especially when company SSO enforces 2FA.
Proposed Solution
The ability to link session data between 2 or more services would be nice. For instance, if I have a Google Calendar service logged in using my company's SSO, it would be nice to have the Gmail service share the session so that when the session expires, I only need to go through the SSO 2FA once.
Alternatives Considered
The alternative would be that I suck it up and deal with it, as I always have. It's not that big of a deal, just a nice-to-have.
Additional Information
No response