Closed Bug 1462409 Opened 6 years ago Closed 6 years ago

Firefox is not deleting session cookie when browser set to remember session

Categories

(Firefox :: Session Restore, defect)

Product:
Firefox
Component:
Session Restore
Version:
60 Branch
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

()

Status:
RESOLVED DUPLICATE of bug 530594

People

(Reporter: whatasec, Unassigned)

Details

User Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/65.0.3325.181 Safari/537.36 OPR/52.0.2871.99

Steps to reproduce:

Open any web application that sets a session cookie
Keep tab opened and close Firefox window
Reopen Firefox and the saved tab reopens and the session cookie is reused
I then close the tab, which closed the Firefox window
Reopen Firefox and the tab is already opened (even though I had closed the tab, btw) and the session cookie is reused
I open a new tab an close the previous tab, and then I close Firefox
Reopen Firefox with no tabs and go to previous web application and again the session cookie is reused.
Given the session cookie has no expiration date set, which made it a session cookie, then this cookie will be around for I don't know how long.


Actual results:

The session cookie is living for ever. 


Expected results:

When I reopen the browser, the session cookie should have been deleted which would force a re-authentication to the web application. Right now, this session cookie has no expiration date so it will live for ever.
Group: firefox-core-security
Status: UNCONFIRMED → RESOLVED
Closed: 6 years ago
Resolution: --- → DUPLICATE
Component: Untriaged → Session Restore
You need to log in before you can comment on or make changes to this bug.