Restored previously pinned forum tabs show usernames even though accounts are protected with a master password and Firefox is set to remove the cookies after exit
Categories
(Core :: Networking: Cache, defect)
People
(Reporter: password244, Unassigned)
Details
(Whiteboard: [necko-triaged][necko-priotity-review])
User Agent: Mozilla/5.0 (X11; Linux x86_64; rv:130.0) Gecko/20100101 Firefox/130.0
Steps to reproduce:
Open some forum page. It asks for your master password to fill in the username and password. Enter your master password. Log in. Pin those tabs. Exit Firefox. Relaunch Firefox. Check pinned tabs. It shows you as if you are logged in. You can see your username. Refresh the page, and you can see the forum as if you are not logged in.
Actual results:
After relaunching Firefox, previously logged-in pinned tabs show me the forum pages with my username (as if I am logged in) even though I use the password manager with a master password and Firefox is set to remove cookies after exit.
NOTE: I set "browser.sessionstore.restore_pinned_tabs_on_demand" to "true" in about:config.
NOTE 2: I use Raspberry Pi OS Bookworm 64-Bit on Raspberry Pi 5 and their Firefox release.
Expected results:
Firefox shouldn't show the pinned forum tabs as if they are logged in after relaunch.
Comment 1•1 year ago
The Bugbug bot thinks this bug should belong to the 'Firefox::Session Restore' component, and is moving the bug to that component. Please correct in case you think the bot is wrong.
UPDATE: I set browser.cache.disk.enable to false. It solved the problem.
Comment 3•1 year ago
It sounds like the website may be sending the wrong cache headers, making the response cachable when it shouldn't be.
Can you share the name of the website?
(In reply to Sam Foster [:sfoster] (he/him) from comment #3)
> It sounds like the website may be sending the wrong cache headers, making the response cachable when it shouldn't be.
> Can you share the name of the website?
For example, forums.raspberrypi.com
But it also happens in a local forum. I believe it will happen on all sites.
Comment 5•1 year ago
Thank you for reporting the issue.
We would need the http logs for the cache module to investigate this further. Kindly share it to necko@mozilla.com if you have privacy concerns about sharing the logs in bugzilla.
Kindly start the log capture and reproduce the issue.
(In reply to Sunil Mayya from comment #5)
> Thank you for reporting the issue.
> We would need the http logs for the cache module to investigate this further. Kindly share it to necko@mozilla.com if you have privacy concerns about sharing the logs in bugzilla.
> Kindly start the log capture and reproduce the issue.
I sent log files to necko@mozilla.com
Comment 8•1 year ago
Hello,
Thanks for sharing the logs.
However, they do not contain the necessary information required for debugging this issue.
Could you please enable logging FIRST mentioned here and then reproduce the issue? Kindly share the logs once the issue is reproduced.
Thank you.
Please let us know if you need further support in collecting the logs.
Comment 9•1 year ago
Redirect a needinfo that is pending on an inactive user to the triage owner.
:valentin, since the bug has recent activity, could you have a look please?
For more information, please visit BugBot documentation.
Comment 10•1 year ago
(In reply to Sam Foster [:sfoster] (he/him) from comment #3)
> It sounds like the website may be sending the wrong cache headers, making the response cachable when it shouldn't be.
I think this is accurate.
It's just a matter of the website saying the response is cacheable.
It should at least have Vary: Cookie to make sure that clearing the cookies invalidates the cache. I don't think it's a Firefox bug.
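Added example, not part of the bug thread and not Firefox code: a toy Python model of the cache behaviour described in comments 3 and 10, showing why a page stored while logged in is served again after the cookies are cleared unless the response carries Vary: Cookie or is not stored at all. TinyCache, replay_after_cookie_clear, the URL, the cookie value and the page body are constructed for illustration.

```python
class TinyCache:
    """Toy model of HTTP cache storage and Vary matching (RFC 9111, section 4.1).
    Keeps one variant per URL; header names are expected in lower case."""

    def __init__(self):
        self.entries = {}  # url -> (body, Vary snapshot of request headers, expiry)

    @staticmethod
    def _directives(resp_headers):
        parts = [p.strip() for p in resp_headers.get("cache-control", "").split(",")]
        return {p.partition("=")[0].lower(): p.partition("=")[2] for p in parts if p}

    def store(self, url, req_headers, resp_headers, body, now):
        cc = self._directives(resp_headers)
        if "no-store" in cc or "max-age" not in cc:
            return False  # this model stores only explicitly fresh responses
        names = [n.strip().lower() for n in resp_headers.get("vary", "").split(",")]
        snapshot = {n: req_headers.get(n) for n in names if n}
        self.entries[url] = (body, snapshot, now + int(cc["max-age"]))
        return True

    def lookup(self, url, req_headers, now):
        entry = self.entries.get(url)
        if entry is None:
            return None
        body, snapshot, expires = entry
        if now >= expires or "*" in snapshot:
            return None  # stale, or "Vary: *" which never matches
        # Reuse only if each header named by Vary has the value it had originally.
        if any(req_headers.get(n) != v for n, v in snapshot.items()):
            return None
        return body


def replay_after_cookie_clear(resp_headers):
    """Cache a logged-in page, drop the cookie, revisit; return what the cache serves."""
    cache = TinyCache()
    url = "https://forum.example/index.php"    # constructed URL
    logged_in = {"cookie": "sid=constructed"}  # constructed session cookie
    cache.store(url, logged_in, resp_headers, "<p>Logged in as alice</p>", now=0)
    return cache.lookup(url, {}, now=60)       # cookies were removed at exit


if __name__ == "__main__":
    for hdrs in ({"cache-control": "max-age=600"},
                 {"cache-control": "max-age=600", "vary": "Cookie"},
                 {"cache-control": "private, no-store"}):
        print(hdrs, "->", replay_after_cookie_clear(hdrs))
```

Only the first header set returns the stored logged-in page; with Vary: Cookie the cookie-less request no longer matches the stored variant, and with no-store nothing is kept.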