Clever Geek Handbook

Closing browser after failed login 3 times

after login failed 3 times (wrong password, username), I want to close my browser window / windows / tab. how can i do this in javascript or php? and also you can give me some advice on what can i do for my system when user cannot login 3 times. thank.

+2


source to share


7 replies


Sorry, this is a little out of the box, but: Don't do this. There are good reasons why things like window.close()

won't do it without a prompt. I admit that there are conceivable cases where this might be a good approach, but bypassing user control measures like this, you probably end up shooting in the foot, even if the target is good.

Several options for how this shooting can happen:



  • You think it's a good idea to do it in your case, but yells, users don't think so. Even though you were confident that this would be the best usability you have ever thought of.
  • Hackcound includes some things that break something else somewhere. In another browser. In the old version. With a specific browser plugin. With some unusual custom settings.
  • A future browser version causes the attacker to fail, and you somehow created your interaction model to depend on the hackcount, even though you were sure that on one occasion you did an alternative approach ... only you didn't, to this one place because you yourself used the hackgound and didn't notice that you expected it to always work.
  • Hackcound works great ... but only when you're watching. Under some pretty normal conditions that shouldn't affect it, it suddenly breaks something else and you end up spending days debugging some weird fringe problem that is ultimately caused by hackers. I mean, this hackcound didn't cause anything like that. It really shouldn't. But it happened.
+20


source


I agree with Ilari Kajaste when he says, "Don't do it." The last thing the user wants is unsafe behavior. I've never come across a website that closes a window after invalid login attempts, so it's almost certainly going to confuse your users. Secondly, it will destroy any history the user has in their back button, which might interfere with some users.
When you get multiple failed logins, you can prevent them from logging in for a certain period of time (say 10 minutes). You can do this by saving the time of your third invalid login to your database and checking on subsequent logins how much time has passed since their last attempt. If it's under your doorstep, you don't even check the password. Just make sure you explain that someone cannot login 10 minutes after 3 failed logins.



+5


source


In JavaScript, you can call ...

window.close();

But this will cause the browser to display a prompt asking them to confirm that they want to close the browser (unless you close the child window you previously spawned).

There is no way in these tips.

+4


source


Just temporarily lock the user account on the server side for n minutes.

+3


source


Can you redirect the page to another page?

+1


source


If you are going to block a user account, do not do it after 3 attempts.
I have so many passwords that I have to try at least 5 times on some sites before I get the correct one ...

+1


source


  • Protection against further attempts to log on to the server.
  • Either redirect to the error page as Dorhan mentioned, or display the message "sorry, too many login attempts, please try again in an hour" on the login page rather than in the login / password field.

As SEO tells us, you really never want to coerce a user away from your site, in an SEO called Lost Return On Investment, the opposite of what you do for SEO.: P Redirect to another page on your own site. definitely preferable.

+1


source






More articles:


All Articles