Closed Bug 1225487 Opened 9 years ago Closed 8 years ago

Can't use window.crypto.logout()

Categories

(Core :: Security: PSM, defect)

Product:
Core
Component:
Security: PSM
Version:
35 Branch
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

()

Status:
RESOLVED WONTFIX

People

(Reporter: thomas.poillot, Unassigned)

Details

User Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:42.0) Gecko/20100101 Firefox/42.0
Build ID: 20151029151421

Steps to reproduce:

I am trying to get my website working on firefox > 38.
With firefox < 31 I used the following piece of code while logging out to clear the client's SSL cache.

if (window.crypto) {
    window.crypto.logout();
}


I know that since firefox 33 , Mozilla no longer supports this feature,
but I couldn't find any function being able to reproduce what "window.crypto.logout();" did.


Actual results:

The result is that Firefox does not request for which certificate to use when you try to log-in with another account right after having logged out whith a user who hasn't the same certificate.




Expected results:

We should have Firefox emptying the client's SSL cache and ask for which certificate to use everytime this use-case happen.
Component: Untriaged → Networking: Cache
Product: Firefox → Core
Component: Networking: Cache → Security: PSM
That functionality is no longer exposed to web content. You'll probably want to write an addon that does something like this:

Components.classes["@mozilla.org/security/sdr;1"]
          .getService(Components.interfaces.nsISecretDecoderRing)
          .logoutAndTeardown();

(Incidentally, I believe this is what happens when you use History -> Clear Recent History -> Active Logins).
Thanks for filing the bug.

Per comment 1, the |window.crypto.logout()| functionality isn't supported anymore.
Status: UNCONFIRMED → RESOLVED
Closed: 8 years ago
Resolution: --- → WONTFIX
Summary: Can't clear client's SSL cache → Can't use window.crypto.logout()
You need to log in before you can comment on or make changes to this bug.