Why does Azure DevOps stay logged in when opened in Incognito
Question
Today I noticed that our company's on-premise Azure DevOps server displayed this odd behavior. When I opened the DevOps web dashboard (through our internal domain) in Google Chrome's incognito mode, it showed me being logged in, even though I made sure I hadn't logged into the website through incognito beforehand. I then tried manually deleting the cache, cookies, session data and everything else I could find and it still kept me logged in. This behavior doesn't occur when tested with Firefox's Private Browsing mode.
When logging out of DevOps the "right" way (eg by clicking the Log Out button), you get a message saying: You must close your browser to complete the sign out process. which might have something to do with this whole thing. If you don't close your browser and go back to the DevOps web dashboard, you just stay logged in.
My question is if anyone knows where the session data for the Azure DevOps web dashboard is stored and how they managed to implement the logging-in system this way?
1 answers
solution1
0 2019-12-02 10:02:57
Solved it by watching the network traffic in Chrome. It sends a NT LAN request which is apparently a Microsoft proprietary authentication method. That's why deleting session files or using Incognito does nothing.
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.