Open Bug 1300641 Opened 8 years ago Updated 2 years ago

[meta] Logging out of Firefox for iOS does not tear down session/device state on server

Categories

(Firefox for iOS :: Firefox Accounts, defect)

Product:
Firefox for iOS
Component:
Firefox Accounts
Platform:
All
iOS
Type:
defect

Tracking

()

Tracking Flags:
Tracking Status
fxios + ---

People

(Reporter: rfkelly, Unassigned)

References

(Depends on 1 open bug)

Details

(Keywords: meta) 

It appears that Firefox for iOS may not be destroying its session and/or device record when you log out of the device.  Steps to reproduce:

* Login to Firefox for iOS
* Visit https://accounts.firefox.com/settings?forceDeviceList=true
* Expand the "devices" view, and observe that the device is connected to your account
* Logout of Firefox for iOS
* Refresh the devices view.

Expected:

The device no longer appears in the list of devices connected to the account, because I've logged out of it.

Actual:

The device remains in the list.


My naive grepping through the source suggests that it's not calling either /session/destroy [1] or /account/device/destroy [2].  Please call one of these when logging out of the device, either /device/destroy if there's a device record active, or /session/destroy if not.

[1] https://github.com/mozilla/fxa-auth-server/blob/master/docs/api.md#post-v1sessiondestroy
[2] https://github.com/mozilla/fxa-auth-server/blob/master/docs/api.md#post-v1accountdevicedestroy
See Also: → 1279333
With Push in the mix this becomes more important: I suspect we'll continue to get push messages after signing out on the device.
tracking-fxios: --- → ?
Flags: needinfo?(jhugman)
Hardware: Other → All
N.B., there are two parts to this:

- Attempt to upload a {deleted: true} record in place of our client record and tabs record. Look at desktop for inspiration.
- Tell FxA, as described in Comment 0.
Re: comment 1: https://bugzilla.mozilla.org/show_bug.cgi?id=1378725 partly addresses exactly this issue.
Flags: needinfo?(jhugman)
See Also: → 1378725
Whiteboard: [fxa]
Firefox for Android has the same problem:

ref https://bugzilla.mozilla.org/show_bug.cgi?id=1381828
See the three dependencies for:

- Deleting FxA state
- Deleting our records from the Sync server
- Unregistering push (done).
Depends on: 1168690, 1378725, 1385986
Keywords: meta
Summary: Logging out of Firefox for iOS does not tear down session/device state on server → [meta] Logging out of Firefox for iOS does not tear down session/device state on server
Whiteboard: [fxa]
Severity: normal → S3
You need to log in before you can comment on or make changes to this bug.