Brave automatically logs into protect.ui.com improperly

I use Unifi Protect for my security cameras and the website that I view them remotely on is protect.ui.com. I not only have my Unifi Protect account, but I also have to log in to my customer’s Unifi Protect accounts from time to time to configure or view their security cameras. Until recently I did not have a problem with Brave logging out of one account and logging back into another. However, now, when I log out and click the Ubiquiti login button on the protect.ui.com login page, it logs me into my account automatically and doesn’t give me the opportunity to choose who I want to log in as. I have also turned off the auto sign-in option in Brave, but this does not correct the problem. I have viewed my saved passwords and protect.ui.com is NOT a site that is actually saved in Brave. I have cleared temp files, cache and cookies and nothing works.

Finally, I exported all bookmarks, uninstalled Brave, reinstalled and imported bookmarks back in. After doing that, I could click the Ubiquiti login button and had a choice to input the account I wanted to log in to. I input my account credentials and logged in. When I did this, Brave prompted to save the password, but the prompt quickly disappeared without my interaction and logged in. Now it’s back to the same behavior. I can log out, but when I click the Ubiquiti login button, it automatically logs me in to my account without a choice of which account to log in to. This is a pretty serious security issue and I need to try to find a resolution so I don’t have to stop using Brave. Please advise.

Steps to reproduce the issue: It happens every time I click the login button.

Actual Result (gifs and screenshots are welcome!): Auto logs me into my account with no ability to input other credentials.

Expected result: I should be able to choose the account that I am logging into.

Reproduces how often: Every time.

Operating System and Brave Version (See the About Brave page in the main menu):
Windows 10 Pro, 64 1909

Brave Version: Version 1.3.118 Chromium: 80.0.3987.116 (Official Build) (64-bit)

Additional Information: This is not happening with other browsers.

@cmedlin,
This will be hard to diagnose since I can’t test on my end but I have a few things to try initially:

  1. Do you have any extensions installed at this time? If so, can you try disabling them and trying the same steps to see if you get different behavior?
  2. After you log in, you said the save password prompt appeared, then disappeared quickly. When you are logged in, do you see the “key” icon on the right-hand side of the address bar? If so, click on it and elect to “never” save the site.
  3. Can you tell me what your Shields settings are set to for the site?

  1. Do you have any extensions installed at this time? If so, can you try disabling them and trying the same steps to see if you get different behavior?

Yes. I have LastPass and Evernote. When this was happening, I made sure I was logged out of LastPass, but per your instructions, I have disabled both LastPass and Evernote and the behavior continues.

  2. After you log in, you said the save password prompt appeared, then disappeared quickly. When you are logged in, do you see the “key” icon on the right-hand side of the address bar? If so, click on it and elect to “never” save the site.

It was after the initial login after uninstalling and reinstalling Brave that this happened, but I have looked and there is no key icon at the right-hand side of the address bar.

  3. Can you tell me what your Shields settings are set to for the site?

Shields are in their default configuration. See below.

Thanks for your prompt help with this matter!

I have also checked the saved Web Credentials for Windows 10 and protect.ui.com is not there.

Here is a video of the behavior and also showing my Brave settings.

Sorry…It ended up kind of blurry!

1 Like

@cmedlin,
Very interesting – thank you for the video, definitely much easier to diagnose with the visual. I’m not entirely sure what’s happening, tbh, but I have a few things to try. Before you do either of the below steps, go to the “lock” icon in the address bar (while on the site), then Site Settings and select both Clear data and Reset permissions. Refresh the webpage. Then:

  1. Can you open the Shields panel on the site, make sure Shields = Up, but change the Cookie control setting to All cookies allowed. Let the site refresh then try to log in again and see if you get the same results.
  2. If the above doesn’t change anything, try going to brave://settings/content/cookies, toggle on the Clear cookies and site data when you exit Brave option “on”. Then, scroll down to the Clear on exit section, and add an entry for https://[*.]protect.ui.com:443. Now, visit the site, log in, then log out again, close the browser (entirely), relaunch and try to log in again. Do you get the same results?

I think you misunderstood me. There is no lock icon on the right of the address bar for this site.

@cmedlin,
The lock icon is on the left-hand side – previously I was referring to the “key” icon for password options. However, here:

I’m referring to the “lock” icon here:

Gotcha…I will try and report back.

Well I think we have found the issue! When I completed the steps provided, I saw another login screen come up very briefly and recognized it as my main Ubiquiti account page; not the Unifi Protect page and I was signed in there. That URL is account.ui.com. Not being signed out of that page is what was causing the issue. I signed out of account.ui.com and voila! It now asks me for credentials to log in. I wasn’t even thinking about the account.ui.com page at all because I hardly ever go there.

Now that I have logged into account.ui.com and viewed the security settings, I see that session timeouts were not configured. You can configure them for 1 day, 1 week or 30 days. There’s also an option for 2FA which I am opting into.

Thank you so much for your time and prompt attention to this matter!!!

1 Like
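
The cause found in the post above, as an added example that is not part of the original thread and is not Ubiquiti's or Brave's code: a simplified model of single sign-on in which protect.ui.com hands login off to account.ui.com. Only the two host names and the 1-day timeout option come from the thread; the classes, session ids, the example account and the timings are assumptions.

```javascript
// Simplified SSO model (constructed for illustration; not Ubiquiti's implementation).
// Host names come from the thread; everything else here is an assumption.
const IDP = "account.ui.com";   // identity provider holding the long-lived session
const APP = "protect.ui.com";   // application that delegates login to the IdP
const DAY = 24 * 60 * 60 * 1000;

class Browser {                 // cookie jar keyed by host
  constructor() { this.jar = new Map(); }
  clearSiteData(host) { this.jar.delete(host); }
}

class IdentityProvider {
  constructor(ttlMs) { this.ttlMs = ttlMs; this.sessions = new Map(); this.next = 1; }
  // Interactive sign-in: the only point where the user chooses an account.
  signIn(browser, user, now) {
    const id = `idp-session-${this.next++}`;
    const expires = this.ttlMs === null ? Infinity : now + this.ttlMs;
    this.sessions.set(id, { user, expires });
    browser.jar.set(IDP, id);
  }
  signOut(browser) {
    this.sessions.delete(browser.jar.get(IDP));
    browser.clearSiteData(IDP);
  }
  // Reached by redirect from the app; null means "show the login form".
  authorize(browser, now) {
    const session = this.sessions.get(browser.jar.get(IDP));
    return session && now < session.expires ? session.user : null;
  }
}

// Clicking the app's login button: returns the account logged in, or "PROMPT".
function clickLogin(browser, idp, now) {
  const user = idp.authorize(browser, now);
  if (user === null) return "PROMPT";
  browser.jar.set(APP, `app-session:${user}`);
  return user;
}

function scenario(ttlMs, laterMs, signOutOfIdp) {
  const browser = new Browser(), idp = new IdentityProvider(ttlMs);
  idp.signIn(browser, "installer@example.test", 0);
  clickLogin(browser, idp, 0);
  browser.clearSiteData(APP);            // app logout / "Clear data" for the app only
  if (signOutOfIdp) idp.signOut(browser);
  return clickLogin(browser, idp, laterMs);
}

console.log(scenario(null, 40 * DAY, false)); // IdP session never expires
console.log(scenario(null, 40 * DAY, true));  // signed out of the IdP first
console.log(scenario(DAY, 2 * DAY, false));   // 1-day IdP session timeout
```

In this model, logging out of the application or clearing only its site data leaves the identity provider's session in place, so the next click on the login button is answered without a prompt until that session is ended or expires.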

@cmedlin,
You’re very welcome! Great job yourself! :slight_smile:

1 Like