Open Bug 1679956 Opened 5 years ago Updated 3 years ago

pinned tabs prevent deletion of session cookie

Categories

(Firefox :: Session Restore, defect)

Firefox 83

REOPENED

People

(Reporter: aditniru, Unassigned)

User Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:83.0) Gecko/20100101 Firefox/83.0

Steps to reproduce:

  • Create a webserver with a session cookie expiration setting
    (session cookies by design should expire when the session is closed!)
  • Pin a tab (I pinned a Gmail tab) in Firefox
  • Open a tab from the webserver with the session cookie; the session cookie would be a new cookie
  • Close Firefox and restart it; ensure that the Firefox session save function is disabled
  • Reopen Firefox and revisit the website with a session cookie; this cookie WOULD NOT HAVE EXPIRED because of the pinned tab

Also, I'm clearly not the first person to have this problem;
see: https://stackoverflow.com/a/64140760/6743697

Actual results:

The session cookie did not expire when Firefox restarted because of a pinned tab. This is a security risk, as this could mean that people could keep pinned tabs in a browser, and browsers would keep login information even in sites where "remember me" was disabled (and essentially sites that use a session cookie).

This problem does not occur when there are no pinned tabs, and session cookies expire normally.

Expected results:

the session cookie should have expired
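
A minimal test server for the steps above, as an added example that is not part of the original report: it issues a cookie with no Expires or Max-Age attribute and reports on each visit whether the browser sent it back. The cookie name `sid`, port 8000 and all function names are assumptions made for this sketch.

```python
# Added example: local server for checking whether a session cookie survives a browser restart.
import secrets
from http.cookies import SimpleCookie
from http.server import BaseHTTPRequestHandler, HTTPServer

COOKIE_NAME = "sid"   # hypothetical cookie name
ISSUED = set()        # session ids handed out by this server process (in memory only)

def new_session_cookie():
    """Return (sid, Set-Cookie value) for a session cookie: no Expires, no Max-Age."""
    sid = secrets.token_hex(16)
    ISSUED.add(sid)
    return sid, f"{COOKIE_NAME}={sid}; Path=/; HttpOnly; SameSite=Lax"

def is_session_cookie(set_cookie_value):
    """True when the Set-Cookie value carries neither Expires nor Max-Age."""
    morsel = next(iter(SimpleCookie(set_cookie_value).values()))
    return not morsel["expires"] and not morsel["max-age"]

def classify(cookie_header):
    """Classify a request's Cookie header as 'none', 'known' or 'unknown'."""
    jar = SimpleCookie(cookie_header or "")
    if COOKIE_NAME not in jar:
        return "none"
    return "known" if jar[COOKIE_NAME].value in ISSUED else "unknown"

class Handler(BaseHTTPRequestHandler):
    def do_GET(self):
        state = classify(self.headers.get("Cookie"))
        self.send_response(200)
        if state == "known":
            body = "session cookie SURVIVED: the browser sent it back\n"
        else:
            # No cookie, or one this process never issued: start a new session.
            self.send_header("Set-Cookie", new_session_cookie()[1])
            body = "no valid session cookie received: new one issued\n"
        self.send_header("Content-Type", "text/plain")
        self.send_header("Cache-Control", "no-store")  # avoid a cached page masking the result
        self.end_headers()
        self.wfile.write(body.encode())

def serve(port=8000):
    """Serve on loopback only; port 8000 is an arbitrary choice."""
    HTTPServer(("127.0.0.1", port), Handler).serve_forever()

if __name__ == "__main__":
    serve()
```

Keep the server process running across the browser restart, since issued ids are held in memory; a "SURVIVED" response on the first visit after the restart means the session cookie was retained.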

Group: firefox-core-security
Status: UNCONFIRMED → RESOLVED
Closed: 5 years ago
Resolution: --- → DUPLICATE

This is certainly not "Resolved", since I experienced it with the latest version of Firefox, and the bug you've marked this as a duplicate of references a different problem, and the nearest resemblance to this problem is 9 years ago. But I can understand that it is of low priority, since session cookies should not be relied on to forget user data.

According to bug 704779 this is incorrect behavior. We no longer have the privacy_level_deferred pref described there so maybe we hard-coded in the wrong setting. Seems distinct from bug 530594.

Status: RESOLVED → REOPENED
Component: Untriaged → Session Restore
Ever confirmed: true
Resolution: DUPLICATE → ---
See Also: → 704779