Reset Search
 

 

Article

KB23255 - "For Security reasons, your session is no longer accessible From this browser" notification message

« Go Back

Information

 
Last Modified Date2/14/2018 1:45 AM
Synopsis
This article provides details about the notification message "For Security reasons, your  session is no longer accessible from this browser" that is displayed in the browser after launching any of client components from the browser, such as NC, WSAM, or Pulse.  
Problem or Goal
When a user signs-in using a Web browser and launches any of the client components (NC/WSAM/Pulse Secure Desktop Client/Pulse Secure Mobile Client), the following message is generated in the existing browser:
 
For security reasons, your session is no longer accessible from this browser

Example:

Cause
This message is displayed in the browser because by default, the DSID session cookie that was stored in the browser session during initial logon, gets deleted from browser after launching one of the client components (Pulse Secure Desktop Client / NC/ WSAM).

The user can click the link to sign in again, which will terminate any client they have running.  
Solution
This behavior is expected.  By default, the DSID session cookie is removed from the browser after it is transferred to the client component that was launched.

If the PCS admin does not want users to see this message or does not want to have the session cookie removed then they can set the Remove Session Cookie from Browser  to Disabled under Role > General > Session Options:



The PCS issues an HTTP cookie to authenticate a user session (DSID), which is shared by client components (NC/WSAM/Pulse Secure Desktop Client) and the browser. Generally, browsers do not store cookies in any secure manner; so it is relatively easy for an attacker to obtain the DSID cookie and gain access to a secure session.

When this option is enabled, the DSID cookie is removed from the browser which prevents a potential hijacker from gaining access to the session cookie through cross-site scripting, for example.  

By disabling this option it may be possible for an attacker to gain access to the user session cookie if the user's machine is compromised.  
Related Links
Attachment 1 
Created ByData Deployment

Feedback

 

Was this article helpful?


   

Feedback

Please tell us how we can make this article more useful.

Characters Remaining: 255