Closed
Bug 1451441
Opened 6 years ago
Closed 6 years ago
Cookies are saved when session is restored, even if tab was closed
Categories
(Firefox :: Session Restore, defect)
Tracking
()
RESOLVED
DUPLICATE
of bug 345345
People
(Reporter: jrw32982, Unassigned)
Details
User Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:59.0) Gecko/20100101 Firefox/59.0 Build ID: 20180323154952 Steps to reproduce: I chose "Show your windows and tabs from last time" Actual results: Cookies from *closed* tabs are saved, so that revisiting a site that *had been open* does not require login. Expected results: My expectation is that when I close the last browser window, cookies will be saved only for those tabs that were open in that last browser window at the time it was closed. Additionally, I do not want any cookies from the *history* of those tabs saved when I close the browser. This is a huge security shocker for me. Security properties should be "in your face". If I can't see it (e.g. closed tabs, tab history) then it shouldn't be affected from a security point of view. User-controlled security features should be user-visible, not hidden state.
Reporter | ||
Comment 1•6 years ago
|
||
Also, "Show your windows and tabs" does *not* equate with "Restore entire browsing session". If that is what you mean (restore entire browsing session), then you should call it that. In any case, what I want is "restore tabs/windows that were open when FF was closed". Finally, I'm not talking about FF crashes or FF Add-On restarts, where it seems more obvious that the entire browsing session is being restored.
Updated•6 years ago
|
Component: Untriaged → Session Restore
Updated•6 years ago
|
Status: UNCONFIRMED → RESOLVED
Closed: 6 years ago
Resolution: --- → DUPLICATE
Comment 3•6 years ago
|
||
John, I agree. Doesn't have to be a kiosk computer either. Would arise in most office environments. I have the computers here set to delete ALL stored data when closed. It may be a mite inconvenient but it's the only way to mitigate this. Otherwise if the browser crashed, anyone who can restart the computer within ~15min can impersonate you online, EVEN if it was turned off. If you were doing banking before the crash, this could be bad.
You need to log in
before you can comment on or make changes to this bug.
Description
•