
The browser restores previous session. The user stays logged in

RESOLVED DUPLICATE of bug 530594

Status


Firefox
Untriaged
6 months ago

People

(Reporter: Yury, Unassigned)

Tracking

52 Branch

Firefox Tracking Flags

(Not tracked)

Details


Description

6 months ago
User Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/57.0.2987.98 Safari/537.36

Steps to reproduce:

NOTE: The issue is reproduced only in Mozilla Firefox 52 (Windows 7 and Windows 10) and in the general browser settings “When Firefox starts” drop down is set to “Show my windows and tabs from last time”.
Steps to Reproduce:
1. Log in to any system that needs credentials entering (e-banking)
2. Enter valid credentials
3. Proceed to any step
4. Click "Close" button in the right upper corner.
5. Open Mozilla Firefox 52 browser again.


Actual results:

The browser restores previous session. The user stays logged in


Expected results:

The session should be interrupted upon closing the browser

Comment 1

6 months ago
This is a well-understood aspect of our session restore implementation. It's not trivial to do the "right" thing here as people have an understandable desire to similarly be able to "keep going where they left off", for which session cookies are expected to be kept. If you run a website that's affected by this, setting the appropriate cache headers on the page in question will ensure we will re-request it from the network, and if your cookies' expiry times are set correctly they will still expire.
Group: firefox-core-security
Status: UNCONFIRMED → RESOLVED
Last Resolved: 6 months ago
Resolution: --- → DUPLICATE
Duplicate of bug: 530594
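
The site-side mitigation Comment 1 describes, as an added example that is not part of the bug thread or of Firefox's code: the authenticated response is sent with `Cache-Control: no-store` and an explicit cookie lifetime. It goes one step beyond the comment by also enforcing the same lifetime on the server, so a session cookie brought back by session restore is rejected once it is too old. The cookie name `sid`, the 300-second lifetime and the in-memory store are assumptions made for illustration.

```python
import secrets
from http.cookies import SimpleCookie

SESSION_LIFETIME = 300   # seconds; constructed value for illustration
SESSIONS = {}            # session id -> creation time (in-memory store, assumption)


def login_headers(now):
    """Create a session; return (sid, headers) for the post-login response."""
    sid = secrets.token_urlsafe(32)
    SESSIONS[sid] = now
    cookie = SimpleCookie()
    cookie["sid"] = sid
    # An explicit lifetime makes the cookie expire on its own schedule,
    # whether or not the browser restores it after a restart.
    cookie["sid"]["max-age"] = SESSION_LIFETIME
    cookie["sid"]["path"] = "/"
    cookie["sid"]["secure"] = True
    cookie["sid"]["httponly"] = True
    headers = [
        ("Set-Cookie", cookie["sid"].OutputString()),
        # no-store keeps the authenticated page out of the browser cache,
        # so a restored tab has to re-request it from the server.
        ("Cache-Control", "no-store"),
    ]
    return sid, headers


def check_session(cookie_header, now):
    """Return True only if the Cookie header names a session that is still live."""
    cookie = SimpleCookie()
    cookie.load(cookie_header or "")
    morsel = cookie.get("sid")
    if morsel is None:
        return False
    created = SESSIONS.get(morsel.value)
    if created is None or now - created > SESSION_LIFETIME:
        # Server-side expiry: the browser's idea of "session" is not trusted.
        SESSIONS.pop(morsel.value, None)
        return False
    return True
```
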