Certificate is cached after logging in on a website?
Categories
(Core :: Security, defect)
Tracking
()
People
(Reporter: arnoud, Unassigned)
Details
User Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.111 Safari/537.36
Steps to reproduce:
When logging in to a certain website Firefox asks which certificate has to be used for logging in to the website.
Actual results:
When closing the tab and stopping the browser, and going back to website that asks for a certificate it opens the browser still logged in with the certificate chosen for first logging in on that certain website.
Expected results:
It should have prompted me for asking me which certificate i want to use on that certain website. I tested the browsers Firefox 54esr, 60esr, 68esr, 78.0.2esr and 78.4.0esr there it works fine and it behaves like how i used to know it. After installing Firefox 79 it behaves like the certificate is cached somewhere and it also happens in Firefox 80,81 and 82.
|
||
Comment 1•4 years ago
|
||
Hi Arnoud
Can you specify the website in which you're encountering this issue?
Would you mind providing a regression range using mozregression? (will automatically download Firefox builds and ask you to tell whether the build is good (bug is not present) or bad (bug is present). You can find it at https://mozilla.github.io/mozregression/ )
Setting a component for this in order to get the dev team involved.
(If the team feels it's an incorrect one please feel free to change it to a more appropriate one.)
Best,
Clara
As of bug 634697, Firefox remembers this decision across sessions. You can remove remembered decisions by going to about:preferences, searching for "certificates", clicking "View Certificates", and going to the "Authentication Decisions" tab.
Description
•