Closed Bug 1398022 Opened 7 years ago Closed 7 years ago

Sync account got disconnected when signed out from a different, copied profile

Categories

(Firefox :: Sync, defect)

defect
Not set
normal

Tracking

()

RESOLVED WONTFIX

People

(Reporter: fireattack, Unassigned)

Details

User Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/61.0.3163.79 Safari/537.36 Steps to reproduce: 1. Prepare two profiles, let's call one and two. 2. Sign in with profile one and make sure the sync is finished. 3. Close Firefox, copy all files in profile one's folder and override everything in profile two folder. 4. Start Firefox with "-p" and choose profile two. 5. Confirm that the sync account is still logged in via preference. 6. Disconnect your sync account on this profile two. 7. Close Firefox. 8. Restart firefox with "-p" and choose profile one. 9. Wait a few seconds, and check your account in preference. Actual results: The account in profile one is disconnected. User has to reconnect manually, and sometimes it asks for email confirmation, which is annoying. Expected results: It shouldn't. Since the user only logged off from profile two, not one.
Component: Untriaged → Sync
Thanks for the report! > 3. Close Firefox, copy all files in profile one's folder and override everything in profile two folder. This copies over the sessionToken from profile1 to profile2, resulting in two different profiles are are basically indistinguishable from the server's perspective - they're both the same version of firefox and they're both using the same authentication token to talk to the Firefox Accounts servers. When you log out in profile2, it tells the server to destroy its authentication token. When profile1 next tries to sync, it finds that its authentication token has been destroyed and asks you to reconnect to sync. I agree this is rather unexpected behaviour, but it's not clear to me whether there's anything we can really do about it, without inventing a way for each firefox profile to uniquely identify itself to the server. Destroying the token on logout is a deliberate choice that helps both security and user-experience in the common case.
(In reply to Ryan Kelly [:rfkelly] from comment #1) > but it's not clear to me > whether there's anything we can really do about it, without inventing a way > for each firefox profile to uniquely identify itself to the server. Note that if we did that, we'd end up breaking the "refresh profile" feature. Copying profiles in this way can also cause a number of other issues with Sync itself (ie, the same "client id" is used, meaning things like "send tab" aren't going to do the right thing either if both profiles are "active"). This simply isn't supported behaviour, so thanks for the report, but I'm WONTFIXing it.
Status: NEW → RESOLVED
Closed: 7 years ago
Resolution: --- → WONTFIX
Thanks for the explanation. That makes sense. If you don't mind, I have an additional question: I think you might have guessed, I did those steps frequently when debugging my profile, because I don't want to mess up with my sync on my main profile. So I copied my profile, and immediately signed out in the copied one before doing anything else. If you guys can tell me which actual file in the profile controls the sync information (or the sessionToken as you mentioned), I can simply NOT copy it to prevent this problem from the very beginning. I tried to search before but didn't find any clue.
signedInUser.json is the file with the session token and other Firefox Account data.
You need to log in before you can comment on or make changes to this bug.