Closed Bug 1349175 Opened 7 years ago Closed 7 years ago

The browser restores previous session. The user stays logged in

Categories

(Firefox :: Untriaged, defect)

Product:
Firefox
Component:
Untriaged
Version:
52 Branch
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

()

Status:
RESOLVED DUPLICATE of bug 530594

People

(Reporter: deloren89, Unassigned)

Details

User Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/57.0.2987.98 Safari/537.36

Steps to reproduce:

NOTE: The issue is reproduced only in Mozilla Firefox 52 (Windows 7 and Windows 10) and in the general browser settings “When Firefox starts” drop down is set to “Show my windows and tabs from last time”.
Steps to Reproduce:
1. Log in to any system that needs credentials entering (e-banking)
2. Enter valid credentials
3. Proceed to any step
4.Click "Close" button in the right upper corner.
5.Open Mozilla Firefox 52 browser again.


Actual results:

The browser restores previous session. The user stays logged in


Expected results:

The session should be interrupted upon closing the browser
This is a well-understood aspect of our session restore implementation. It's not trivial to do the "right" thing here as people have an understandable desire to similarly be able to "keep going where they left off", for which session cookies are expected to be kept. If you run a website that's affected by this, setting the appropriate cache headers on the page in question will ensure we will re-request it from the network, and if your cookies' expiry times are set correctly they will still expire.
Group: firefox-core-security
Status: UNCONFIRMED → RESOLVED
Closed: 7 years ago
Resolution: --- → DUPLICATE
You need to log in before you can comment on or make changes to this bug.