Closed
Bug 1462409
Opened 6 years ago
Closed 6 years ago
Firefox is not deleting session cookie when browser set to remember session
Categories
(Firefox :: Session Restore, defect)
Tracking
()
RESOLVED
DUPLICATE
of bug 530594
People
(Reporter: whatasec, Unassigned)
Details
User Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/65.0.3325.181 Safari/537.36 OPR/52.0.2871.99 Steps to reproduce: Open any web application that sets a session cookie Keep tab opened and close Firefox window Reopen Firefox and the saved tab reopens and the session cookie is reused I then close the tab, which closed the Firefox window Reopen Firefox and the tab is already opened (even though I had closed the tab, btw) and the session cookie is reused I open a new tab an close the previous tab, and then I close Firefox Reopen Firefox with no tabs and go to previous web application and again the session cookie is reused. Given the session cookie has no expiration date set, which made it a session cookie, then this cookie will be around for I don't know how long. Actual results: The session cookie is living for ever. Expected results: When I reopen the browser, the session cookie should have been deleted which would force a re-authentication to the web application. Right now, this session cookie has no expiration date so it will live for ever.
Updated•6 years ago
|
Group: firefox-core-security
Status: UNCONFIRMED → RESOLVED
Closed: 6 years ago
Resolution: --- → DUPLICATE
Updated•6 years ago
|
Component: Untriaged → Session Restore
You need to log in
before you can comment on or make changes to this bug.
Description
•