On my university’s website, there is a post login security check from Duo Security that just loads an iFrame once you enter your password, does whatever the hell it does, and apparently verifies that your login is legit (somehow).
But it only works when I’m on the current tab. If I log in and then switch to a different tab, it does nothing. If you switch back after a little bit, it will continue doing its thing as soon as you do, but wait too long and the session expires and you have to enter your credentials again.
Is it using some JS API to know whether I’m on its tab or not, or is it doing something even weirder? Is it possible to make Firefox report to every open page that I’m always on its tab, even when I’m not?
It’s been possible for much longer, using
window.onblur
This new API may be somewhat smarter (for example, onblur is triggered even if you change to a new window with the original webpage open behind it)