Open
Bug 1300641
Opened 8 years ago
Updated 2 years ago
[meta] Logging out of Firefox for iOS does not tear down session/device state on server
Categories
(Firefox for iOS :: Firefox Accounts, defect)
Tracking
()
NEW
Tracking | Status | |
---|---|---|
fxios | + | --- |
People
(Reporter: rfkelly, Unassigned)
References
(Depends on 1 open bug)
Details
(Keywords: meta)
It appears that Firefox for iOS may not be destroying its session and/or device record when you log out of the device. Steps to reproduce: * Login to Firefox for iOS * Visit https://accounts.firefox.com/settings?forceDeviceList=true * Expand the "devices" view, and observe that the device is connected to your account * Logout of Firefox for iOS * Refresh the devices view. Expected: The device no longer appears in the list of devices connected to the account, because I've logged out of it. Actual: The device remains in the list. My naive grepping through the source suggests that it's not calling either /session/destroy [1] or /account/device/destroy [2]. Please call one of these when logging out of the device, either /device/destroy if there's a device record active, or /session/destroy if not. [1] https://github.com/mozilla/fxa-auth-server/blob/master/docs/api.md#post-v1sessiondestroy [2] https://github.com/mozilla/fxa-auth-server/blob/master/docs/api.md#post-v1accountdevicedestroy
Comment 1•7 years ago
|
||
With Push in the mix this becomes more important: I suspect we'll continue to get push messages after signing out on the device.
Comment 2•7 years ago
|
||
N.B., there are two parts to this: - Attempt to upload a {deleted: true} record in place of our client record and tabs record. Look at desktop for inspiration. - Tell FxA, as described in Comment 0.
Comment 3•7 years ago
|
||
Re: comment 1: https://bugzilla.mozilla.org/show_bug.cgi?id=1378725 partly addresses exactly this issue.
Flags: needinfo?(jhugman)
Updated•7 years ago
|
Whiteboard: [fxa]
Comment 4•7 years ago
|
||
Firefox for Android has the same problem: ref https://bugzilla.mozilla.org/show_bug.cgi?id=1381828
Updated•7 years ago
|
Comment 5•7 years ago
|
||
See the three dependencies for: - Deleting FxA state - Deleting our records from the Sync server - Unregistering push (done).
Updated•5 years ago
|
Whiteboard: [fxa]
Updated•2 years ago
|
Severity: normal → S3
You need to log in
before you can comment on or make changes to this bug.
Description
•