InformAction Forums

Chase bank keeps asking for me to prove who I am over and over each time I go to there site even no I have gave it full rights with noscript and have allowed full cookies permittivity. I have my firefox 3.6b3 set to delete all cookies when FF closes except for save cookies so I don't no how or who or what is getting deleted and buy who. that is, is FF doing it or is nocript settings causing it. Any ideals?

URL of the login page?
Does the site work with FF 3.5?

I have an account at Chase. No problems.

If I'm understanding you correctly, the issue is that you want to save their login cookie permanently, so that you don't have to log in each time you visit. That is very dangerous for something as high-value as a bank or financial site. Just a couple of the many hazards:

I.) If a burglar broke into your home, they could access your Chase account without knowing anything else. Think about it.

2.) If that cookie were ever successfully stolen or copied by a remote attacker, ditto. I allow session cookies only, for *every* cookie, but particularly for sensitive sites. The browser is closed (clearing all history, cookies, etc.), then restarted. Visit bank. Close browser *again*, deleting all cookies and history, and re-start before going anywhere else. Much safer.

It is much more difficult for an attacker to steal that cookie while you are actually engaged in a secure session (TLS, formerly called SSL) with Chase, than when you are at Facebook or whatever. "Theoretically", the secure cookie should not be returned except to the same origin (Chase.com), but coding mistakes happen and attacks happen. So don't even have the cookie on your machine except during that secure session.

If I've misunderstood your question, please clarify. Otherwise, please consider this advice very carefully.

P. S. Do you have "Private Browsing Mode" enabled? That would (properly) drop the Chase cookie afterward.