RT-N66U - logging out doesn't really log you out

[tbessie]

So I just got my RT-N66U today (replacement for a faulty one), set it up, and now it's up and working on my home network.

There were several annoying glitches in the firmware (.108), as people have noticed.

One I noticed that probably isn't that worrisome, but is notable, is that when you "log out" of the router admin page, it says you're logged out. However, if you go back there with the same browser, you're not really logged out.

I figured it must be storing my password in a cookie (or just a "trusted host" cookie, perhaps), and not making me log in each time. Logging out doesn't seem to actually DO anything... a good, secure router would clear that cookie.

Anyway, I did a before/after check to see if there was a new cookie set after visiting the router page, and there wasn't.

However, if I exit all instances of my browser, then restart the browser, then go to the router page, I'm asked for my password again. Rather curious... I wonder how the router is storing my logged-in state such that I'd see this effect.

I'm probably missing something ridiculously obvious - anyone know why a login session would be tied to a browser instance running, and I'd see no new cookie created by the router admin page?

- Tim

 

[jerry6]

cache ? clear it see if it logs in

 

[tbessie]

cache ? clear it see if it logs in

Hmm, I was sure I tried clearing the cache beforehand and it didn't help, but seems to be working now, at least with Firefox on Windows. Chrome on Windows, however, doesn't - clearing the cache didn't log me out. Seems browser-dependent.

- Tim

 

[Somchie]

Tim, I had these issues on my Mac using Firefox before I updated to the latest firmware. Firefox on Windows 7 had no issues though.

 

[tbessie]

Tim, I had these issues on my Mac using Firefox before I updated to the latest firmware. Firefox on Windows 7 had no issues though.

Well, I'm ignoring it for now. Hopefully they'll fix that eventually.

(I'm running .108 right now, by the way).

- Tim

 

[srinivasvaradaraj]

I can absolutely confirm this issue, just wondering if anyone has reported this to Asus, if not I will send out a ticket to them. This is poor session mangement on ASUS side, coupled with lack of HTTPS option and needs to be fixed.

 

[tbessie]

I can absolutely confirm this issue, just wondering if anyone has reported this to Asus, if not I will send out a ticket to them. This is poor session mangement on ASUS side, coupled with lack of HTTPS option and needs to be fixed.

Please do report it - I haven't yet.

Simple things like router admin security should be one of the first things they make sure work. :-(

- Tim

 

[gary8vi]

Logging out works with IE 9 or Chrome as long as I close the browser.

Hi,

Have FW version .116b and when I log out and close / turn-off the browser I will need to log back in to see and use the 66U GUI.

When I log out I get a clear screen with "You have log out successfully". If I don't close the browser I can re-connect to the 66u using a desktop or toolbar link - like I didn't log off.

Logging out and staying logged out with IE 9 or Chrome seems to be working as long as I close the browser after logging out. Turn the browser on again and I need to log in to connect to the 66u.

 

[mrcom]

Hi,

Have FW version .116b and when I log out and close / turn-off the browser I will need to log back in to see and use the 66U GUI.

When I log out I get a clear screen with "You have log out successfully". If I don't close the browser I can re-connect to the 66u using a desktop or toolbar link - like I didn't log off.

Logging out and staying logged out with IE 9 or Chrome seems to be working as long as I close the browser after logging out. Turn the browser on again and I need to log in to connect to the 66u.

I agree if you want to log out you atleast close the tab and to be really shure close the browser. And thats what all the online banks recommend to.