[meta] Logging out of Firefox for iOS does not tear down session/device state on server

NEW
Unassigned

Status

()

2 years ago
a year ago

People

(Reporter: rfkelly, Unassigned)

Tracking

(Depends on: 1 bug, {meta})

unspecified
All
iOS
Dependency tree / graph

Firefox Tracking Flags

(fxios+)

Details

(Whiteboard: [fxa])

(Reporter)

Description

2 years ago
It appears that Firefox for iOS may not be destroying its session and/or device record when you log out of the device.  Steps to reproduce:

* Login to Firefox for iOS
* Visit https://accounts.firefox.com/settings?forceDeviceList=true
* Expand the "devices" view, and observe that the device is connected to your account
* Logout of Firefox for iOS
* Refresh the devices view.

Expected:

The device no longer appears in the list of devices connected to the account, because I've logged out of it.

Actual:

The device remains in the list.


My naive grepping through the source suggests that it's not calling either /session/destroy [1] or /account/device/destroy [2].  Please call one of these when logging out of the device, either /device/destroy if there's a device record active, or /session/destroy if not.

[1] https://github.com/mozilla/fxa-auth-server/blob/master/docs/api.md#post-v1sessiondestroy
[2] https://github.com/mozilla/fxa-auth-server/blob/master/docs/api.md#post-v1accountdevicedestroy
See Also: → bug 1279333
With Push in the mix this becomes more important: I suspect we'll continue to get push messages after signing out on the device.
tracking-fxios: --- → ?
Flags: needinfo?(jhugman)
Hardware: Other → All
N.B., there are two parts to this:

- Attempt to upload a {deleted: true} record in place of our client record and tabs record. Look at desktop for inspiration.
- Tell FxA, as described in Comment 0.
Re: comment 1: https://bugzilla.mozilla.org/show_bug.cgi?id=1378725 partly addresses exactly this issue.
Flags: needinfo?(jhugman)
See Also: → bug 1378725
Whiteboard: [fxa]
Firefox for Android has the same problem:

ref https://bugzilla.mozilla.org/show_bug.cgi?id=1381828
tracking-fxios: ? → +
See the three dependencies for:

- Deleting FxA state
- Deleting our records from the Sync server
- Unregistering push (done).
Depends on: 1168690, 1378725, 1385986
Keywords: meta
Summary: Logging out of Firefox for iOS does not tear down session/device state on server → [meta] Logging out of Firefox for iOS does not tear down session/device state on server
Duplicate of this bug: 1397848
Duplicate of this bug: 1401585
You need to log in before you can comment on or make changes to this bug.