Closed Bug 249814 Opened 20 years ago Closed 20 years ago

Session cookies are not unique to the instance of the browser that created them.

Categories

(Firefox :: General, defect)

x86
Windows XP
defect
Not set
major

VERIFIED DUPLICATE of bug 117222

People

(Reporter: nickh, Assigned: bugzilla)

Details

User-Agent:       Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.7) Gecko/20040626 Firefox/0.9.1
Build Identifier: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.7) Gecko/20040626 Firefox/0.9.1

Session cookies are meant to identify a "conversation" between an agent and a
webpage in a unique way. Currently (Firefox 0.9.1) a session cookie that is
created on one tab will be sent back to the website when it is accessed by a
different tab. Even two separate browser instances seem to "share" session
cookies. This is a bug. It is impossible to use 2 separate running copies of
Firefox to maintain 2 separate "sessions" on a given website. This is very bad,
and needs to be fixed.

Reproducible: Always
Steps to Reproduce:
1. Visit a webpage that uses a session cookie.
2. Use another instance of Firefox to access the same webpage.
3. Notice that you are using the same "session".

Actual Results:  
Session cookies are shared across browser instances.

Expected Results:  
ANY cookie with a maximum age of 0 should be considered a session cookie, and
should only be sent back to the originating website by the window that created
it. Other tabs or running copies of Firefox should NOT send session cookies
that they did not originally accept.

This may cause much trouble in web-applications because often data is saved to
the "session". This can cause any data stored in the session to become available
to another browser instance. This is a major flaw that can cause web
applications to fail.

*** This bug has been marked as a duplicate of 117222 ***
Status: UNCONFIRMED → RESOLVED
Closed: 20 years ago
Resolution: --- → DUPLICATE
Status: RESOLVED → VERIFIED
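
The sharing described in the report above, modelled as an added example that is not part of the original bug report and is not Firefox code. It uses Python's `http.cookiejar` as a stand-in for a browser profile's cookie store; the URL, the `SESSIONID` cookie name, and the `FakeResponse` helper are constructed for illustration.

```python
import email
import http.cookiejar
import urllib.request

URL = "http://app.example.test/account"  # constructed placeholder site


class FakeResponse:
    """Constructed stand-in for an HTTP response carrying one Set-Cookie."""

    def __init__(self, set_cookie):
        self._headers = email.message_from_string(f"Set-Cookie: {set_cookie}\n\n")

    def info(self):  # the only method CookieJar.extract_cookies() calls
        return self._headers


def receive_session_cookie(jar, session_id):
    """Store a cookie with no Expires/Max-Age, i.e. a session cookie."""
    request = urllib.request.Request(URL)
    jar.extract_cookies(FakeResponse(f"SESSIONID={session_id}; Path=/"), request)


def cookie_header_for(jar):
    """Return the Cookie header a new request to URL would carry, or None."""
    request = urllib.request.Request(URL)
    jar.add_cookie_header(request)
    return request.get_header("Cookie")


def demo():
    profile_jar = http.cookiejar.CookieJar()  # shared by all tabs and windows
    receive_session_cookie(profile_jar, "from-tab-A")
    tab_b_sends = cookie_header_for(profile_jar)       # tab B never logged in
    receive_session_cookie(profile_jar, "from-tab-B")  # same name: overwrites
    tab_a_sends = cookie_header_for(profile_jar)       # tab A's value is gone
    all_session = all(c.discard for c in profile_jar)  # discard == session cookie
    separate_jar = http.cookiejar.CookieJar()          # e.g. a second profile
    isolated_sends = cookie_header_for(separate_jar)
    return tab_b_sends, tab_a_sends, all_session, isolated_sends


if __name__ == "__main__":
    print(demo())
```

The jar keys cookies by domain, path and name, so nothing in a stored cookie records which window received it; only a separate jar yields a separate session.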