Re: upgrade to 8900AX-2400:why the following issues?
Posted: Wed Dec 12, 2018 11:40 am
I have been told the next firmware version should incorporate a message, when the logout successful message is shown, to indicate you must close your web browser to logout completely.gatekeeper wrote: ↑Wed Dec 12, 2018 11:16 am I've now tested 'Logout' on my Windows machine, which runs Win10. Yes, on that, I find that, upon clicking 'Logout' at bottom-right, I get a pop-up asking me to confirm that I wish to log out of the router's GUI. Then clicking OK does certainly clear the CURRENT page - BUT IT DOESN'T TAKE YOU OUT OF THE GUI. Instead, it merely takes you back to the first page of it, the Summary. Therefore you are still in the GUI. This is wrong, and so surely if Logout is to mean anything it needs to take you COMPLETELY out of the GUI?
As regards the peculiar things that happen when I try logging out on my Mac, I can only conclude that that's due to the Mac's browser now being too out-of-date and so having some incompatibilities with the 8900's firmware, and therefore the functioning of the 8900's GUI. (Some of the features of Billion forum content don't work for the same reason, I think, so I'm pretty sure that my Mac definitely needs updating).
But my Windows machine is most certainly up to date. I noticed, on the Windows machine, that because logging out still leaves you in the GUI (and therefore you're not logged out at all!), the only thing that's then possible to do (at all!) is to exit the browser entirely (therefore ending the browser session). You don't even seem to get the opportunity to just switch to, or go to, a normal website; you're forced to exit from the browser, and so if you wish to interact with a website from that moment on, you have to completely re-open the browser. The same is the case on the Mac, as it happens.
This, in my view, is a terrible way of working (but thankfully not required very often, as normally you wouldn't be constantly accessing the router's GUI, though of course it'd certainly annoy users with a regular interest in the line/LAN stats). You might just as well not have that logout feature, and just be able to switch to a normal website instead. However, if you do that, you leave a security loophole in place, in that if the firmware gives you no ability to specifically log out from the router and you remain within the current browser session, then access back into the router's GUI without signing in is possible and represents a potential risk that someone other than the GUI's administrator, but yet someone who might normally legitimately use the self same machine, would have unfettered access to the GUI. Unless I'm missing something, I think that not only have the Billion developers got the logic wrong (or rather, muddled) in this regard but also the basic logging-out process itself, when used, doesn't in fact take you out of the GUI. If I'm right about this, it'd need immediate attention.