Open Bug 1300641 Opened 8 years ago Updated 2 years ago

[meta] Logging out of Firefox for iOS does not tear down session/device state on server

Categories

(Firefox for iOS :: Firefox Accounts, defect)

Product:
Firefox for iOS
Component:
Firefox Accounts
Platform:
All
iOS
Type:
defect

Tracking

()

Tracking Flags:
Tracking Status
fxios + ---

People

(Reporter: rfkelly, Unassigned)

References

(Depends on 1 open bug)

Details

(Keywords: meta)

It appears that Firefox for iOS may not be destroying its session and/or device record when you log out of the device. Steps to reproduce: * Login to Firefox for iOS * Visit https://accounts.firefox.com/settings?forceDeviceList=true * Expand the "devices" view, and observe that the device is connected to your account * Logout of Firefox for iOS * Refresh the devices view. Expected: The device no longer appears in the list of devices connected to the account, because I've logged out of it. Actual: The device remains in the list. My naive grepping through the source suggests that it's not calling either /session/destroy [1] or /account/device/destroy [2]. Please call one of these when logging out of the device, either /device/destroy if there's a device record active, or /session/destroy if not. [1] https://github.com/mozilla/fxa-auth-server/blob/master/docs/api.md#post-v1sessiondestroy [2] https://github.com/mozilla/fxa-auth-server/blob/master/docs/api.md#post-v1accountdevicedestroy
See Also: → 1279333
With Push in the mix this becomes more important: I suspect we'll continue to get push messages after signing out on the device.
tracking-fxios: --- → ?
Flags: needinfo?(jhugman)
Hardware: Other → All
N.B., there are two parts to this: - Attempt to upload a {deleted: true} record in place of our client record and tabs record. Look at desktop for inspiration. - Tell FxA, as described in Comment 0.
Re: comment 1: https://bugzilla.mozilla.org/show_bug.cgi?id=1378725 partly addresses exactly this issue.
Flags: needinfo?(jhugman)
See Also: → 1378725
Whiteboard: [fxa]
Firefox for Android has the same problem: ref https://bugzilla.mozilla.org/show_bug.cgi?id=1381828
See the three dependencies for: - Deleting FxA state - Deleting our records from the Sync server - Unregistering push (done).
Depends on: 1168690, 1378725, 1385986
Keywords: meta
Summary: Logging out of Firefox for iOS does not tear down session/device state on server → [meta] Logging out of Firefox for iOS does not tear down session/device state on server
Whiteboard: [fxa]
Severity: normal → S3
You need to log in before you can comment on or make changes to this bug.