Closed
Bug 1349175
Opened 7 years ago
Closed 7 years ago
The browser restores previous session. The user stays logged in
Categories
(Firefox :: Untriaged, defect)
Tracking
()
RESOLVED
DUPLICATE
of bug 530594
People
(Reporter: deloren89, Unassigned)
Details
User Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/57.0.2987.98 Safari/537.36 Steps to reproduce: NOTE: The issue is reproduced only in Mozilla Firefox 52 (Windows 7 and Windows 10) and in the general browser settings “When Firefox starts” drop down is set to “Show my windows and tabs from last time”. Steps to Reproduce: 1. Log in to any system that needs credentials entering (e-banking) 2. Enter valid credentials 3. Proceed to any step 4.Click "Close" button in the right upper corner. 5.Open Mozilla Firefox 52 browser again. Actual results: The browser restores previous session. The user stays logged in Expected results: The session should be interrupted upon closing the browser
Comment 1•7 years ago
|
||
This is a well-understood aspect of our session restore implementation. It's not trivial to do the "right" thing here as people have an understandable desire to similarly be able to "keep going where they left off", for which session cookies are expected to be kept. If you run a website that's affected by this, setting the appropriate cache headers on the page in question will ensure we will re-request it from the network, and if your cookies' expiry times are set correctly they will still expire.
Group: firefox-core-security
Status: UNCONFIRMED → RESOLVED
Closed: 7 years ago
Resolution: --- → DUPLICATE
You need to log in
before you can comment on or make changes to this bug.
Description
•