Security problem with Belgium government websites

Browser Support Desktop Support
1

Description of the issue:
When logging in to Belgian government websites (via CSAM software used to login), and logging out, everything looks normal. But when you then want to login again it turns out that you were not logged out at all, but still logged in with all privileges and specifications of the first logged in session. This makes it also impossible to login with another user identification. Nor using a private window, nor restarting Brave solves this issue, only waiting long enough until some unknown time limit is exceeded

How can this issue be reproduced?
Go to website
https://www.mijngezondheid.belgie.be/#/
and do a login / then a logout / and then a login again
(but you need a possibility to login to Belgian government systems)

Expected result:
Permanent logout

Brave Version( check About Brave):
1.40.105

Additional Information:

2

@Meijn

In a Brave Browser > New Window, go to: brave://settings/getStarted

  • Select: Open a specific page or set of pages
  • Select: Add a new page
  • Enter: about:blank (notice the colon)

In other words, you are DISABLING: Continue where you left off

Next, go to: brave://settings/clearBrowserData

For tab Advanced

  • Set: Time range:All time
  • Enable: Browsing history
  • Enable: Cookies and other site data (Signs you out of most sites)
  • Enable: Cached images and files
  • Enable: Autofill form data
  • Enable: Hosted app data

Click on the ‘Clear data’ button.

(The ‘Clear data’ button also saves the selections.)

Next, go to: brave://settings/clearBrowserData

For tab On exit

  • Enable: Browsing history
  • Enable: Cookies and other site data (Signs you out of most sites)
  • Enable: Cached images and files
  • Enable: Hosted app data

Click on the ‘Save’ button.

Cookies check

In a Brave Browser > New Window, go to: brave://settings/cookies and in the upper-right area of the window, enter into the Search field: mijngezondheid.belgie.be

Then, search down the Cookies settings page and check to see if mijngezondheid.belgie.be shows under Sites that can always use cookies. If exists, then remove the mijngezondheid.belgie.be entry.

3

Maybe that solves this special security issue, but creates too much other problems and hence is not practical to use.
Remark : other browsers do not have that security issue !

4

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.