Doubt on Browser compatibility
I have to test 'Remember Me on this Computer' functionality implemented in our websites login window.ITs and online insurance website.This functionality will only save the last login who had checked the option and not the password.
This information will be saved in the clients cookie.
I having one scenario but i want to know whether i am on a right track.
SCenario is :- I check the checkbox for a particular login say 'john' in IE7 browser and then I open Mozilla browser , should the login 'john' displayed in login field assuming that both browsers are saving cookies and not clear them unless manually done.
Also let me know any other cases where the login functionality will not be hampered.
Thanks in Advance.
I have nothing to declare except my genius. -Oscar Wilde
Re: Doubt on Browser compatibility
No, IE and Mozilla, specifically, use different methods of storing the cookies.
Now, if you were to return to the site using IE, then you would see this stored login.
A couple other thoughts on this. First of all, what type of information is being stored on the site? how sensitive is this data? Whenever I work on web projects I think, "Could someone steal my identity with this information?" If the answer is "Yes" then I probably should be storing any part of the login.
Why? Well inthe even that someone stupid logs into the site from somewhere like, say, a library, then I have part of their login information. If you don't have any additional technology to immediately detect and prevent brute force attacks against the password, then this "Remember Me" probably isn't a great idea.
Secondly, and this is on the secutiry front again, you need to make sure that the sessions are not tracked through cookies and that they are terminated in a timely manner. Again, if someone has access to those cookies, they could, very well, use session tracking information to force their way into the account.
Let's face it, my bank doesn't store my login for my onlinebanking account and I'm sure it's not to cause me an inconvenience, right? So I'd say, blog, SURE remember me away. Insurance website. Meh, not so much.
9 out of 10 people I prove wrong agree that I'm right. The other person is my wife.
Re: Doubt on Browser compatibility
Brent, I think you mean, should *not* be.
Mr. Perfect, make sure you run the same test on the same browser as a control. For instance, I open browser 1 and go to the main page and it asks me to log in. I log into the site. I close the browser.
The next step in case 1 is to open browser 2 and go to the main page and see if I'm still logged in.
The next step in the control case is to re-open browser 1 and see if I'm still logged in.
If both cases fail, it has nothing to do with the browser being used. In that instance closing the browser ends the session regardless of the browser type.
However, if only case 1 fails, I would also do it in reverse e.g. start in browser 2 and use browser 1 as the control. If this reverse case also fails, then the login session is specific to the browser in which it was opened regardless of the type of browser.
The caveat to all this testing is as Brent noted: expected behavior. There are good reasons why all of my so-called test cases would fail, and that is if the site were set up so that the session was extremely protected and should not ever be reinvoked without log in, like a bank session as he mentioned. In which case the cases actually pass.
And as a good tester, what I would look for in that case would be for the session to fail at some point unexpectedly because it was too protected. I would be looking for vulnerabilities as I go from page to page or module to module, testing at the place where my interaction with the system passes from 1 part of the architecture to another. Or time. Looking for it to time out during a session.
Thats my two cents.