819098 - Refreshing a secure page after entering valid credentials does not force the user to reenter their credentials

Status: VERIFIED INVALID

(Firefox OS Graveyard :: Gaia::Browser, defect)

Description

[Chris Kreinbring [:CKreinbring]]

User Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:17.0) Gecko/20100101 Firefox/17.0
Build ID: 20121128204232

Steps to reproduce:

1. Launch the browser app.
2. Navigate to a secure site that will require the user to log in (eg gmail.com).
3. Enter valid credentials then sign in.
4. Wait for the page to finish loading, then tap the refresh button in the address bar.
5. Observe the state of the page as it reloads.


Actual results:

The page refreshes, showing the same post-login page.


Expected results:

The page refreshes and shows the log in page, requiring the user to reenter their credentials.

Comment 1

[Ben Francis [:benfrancis]]

Is this another test case? It makes no sense. This sounds like the correct behaviour to me.

Comment 2

[Chris Kreinbring [:CKreinbring]]

(In reply to Ben Francis [:benfrancis] from comment #1)
> Is this another test case? It makes no sense. This sounds like the correct
> behaviour to me.

Yes, this is based off of the Browser test case "Test that Refresh a webpage when the end-user has filled a form".  Its ID is #1748.

Comment 3

[Ben Francis [:benfrancis]]

Naoki, can you figure out what this test case is really trying to test? This bug as filed seems invalid.

Thanks

Comment 4

[Naoki Hirata :nhirata (please use needinfo instead of cc)]

I get the feeling that a step is missed in the test case of clearing the data from the settings button.  I'll look into it further.

Comment 5

[Naoki Hirata :nhirata (please use needinfo instead of cc)]

Oh!  Turns out that it's more of a form fill not a login fill.

We want to make sure that invalidation for the form occurs, not the login itself.  Moving the test case to draft for revision purposes.  This is invalid as stated due to the invalid test case.