Closed Bug 435333 Opened 16 years ago Closed 14 years ago

Always remebering exchange logon and password

Categories

(Firefox :: Security, defect)

Product:
Firefox
Component:
Security
Platform:
x86
Windows XP
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

()

Status:
RESOLVED INCOMPLETE

People

(Reporter: gloffler, Unassigned)

Details

User-Agent:       Mozilla/5.0 (Windows; U; Windows NT 5.1; en-GB; rv:1.9) Gecko/2008051206 Firefox/3.0
Build Identifier: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-GB; rv:1.9) Gecko/2008051206 Firefox/3.0

We run an Exchange 2003 server. When using the OWA for the first time I get the Remember Password popup, when I select Never and close the program, it still logs on automatically. I have verified that the exchange site (mail.wrah.com) is on the don't remember password list. Removing the password brings up the Microsoft logon screen the next time, but then saves the password again. Shutting down and restarting Mozilla does not bring up the logon screen, just straight into the last account logged on to.

Reproducible: Always

Steps to Reproduce:
1.Log on to Exchange 2003 account, select never remember password
2.Close Mozilla
3. Go to exchange site again, logs automatically on.
Actual Results:  
logs on to account

Expected Results:  
Should not remember password
Seems to be a time component to this.  Closing Mozilla does not remove the password from memory right away.  Leaving the program closed overnight does seem to remove the logon and password information.
You might be confusing cookies and password manager.
Remembering the password auto-fills the login and password fields, where cookies will keep you logged in to a site during a session/specified period of time. For something like exchange web access; cookies are required to navigate the site without having to log in after every action. There may be a few addons https://addons.mozilla.org/en-US/firefox/ to manage cookies that could be of use, but even better, you will probably want to configure your exchange web server to issue only session cookies rather than cookies that expire after a specified time (24 hours by your description).
If however your exchange server is already set to issue session cookies then this could be a cookie bug.
(In reply to comment #2)
I also forgot to mention. If you are a user of the exchange server rather than someone with the power to change cookie settings, there is an option in the page permissions (Tools menu > Page Info > Permissions) to 'Allow for Session' on cookies.
Please check these things and report your findings so we can properly triage this bug with the results.
Resolving unconfirmed bugs older than a year with no activity as INCOMPLETE.  Please reopen or file a new bug if you can still reproduce the bug.
Status: UNCONFIRMED → RESOLVED
Closed: 14 years ago
Resolution: --- → INCOMPLETE
You need to log in before you can comment on or make changes to this bug.