Open Bug 2012302 Opened 1 day ago Updated 1 day ago

"Clear cookies and site data" does not log me out of Discord

Categories

(Toolkit :: Data Sanitization, defect)

Product:
Toolkit
Component:
Data Sanitization
Version:
Firefox 147
Type:
defect

Tracking

()

Status:
UNCONFIRMED

People

(Reporter: post+mozilla, Unassigned)

Details

User Agent: Mozilla/5.0 (X11; Linux x86_64; rv:147.0) Gecko/20100101 Firefox/147.0

Steps to reproduce:

  • Logged in to Discord
  • Tried to make Discord forget about that session by selecting "clear cookies and site data"

Actual results:

After reloading the page, I am still logged in.

Expected results:

I should be logged out.

This seems like a potentially severe privacy issue: I would expect a site to not be easily able to identify that I am still the same user after clearing all cookies and site data, but somehow Discord apparently bypasses that.

The Bugbug bot thinks this bug should belong to the 'Toolkit::Data Sanitization' component, and is moving the bug to that component. Please correct in case you think the bot is wrong.

Component: Untriaged → Data Sanitization
Product: Firefox → Toolkit
You need to log in before you can comment on or make changes to this bug.