Closed Bug 241196 Opened 20 years ago Closed 20 years ago

sessions been keeping alive even if you close and/or opening a new window

Categories

(Core :: Networking: Cookies, defect)

Product:
Core
Component:
Networking: Cookies
Platform:
x86
Windows 2000
Type:
defect
Priority:
Not set
Severity:
critical

Tracking

()

Status:
VERIFIED DUPLICATE of bug 117222

People

(Reporter: johan, Assigned: darin.moz)

Details

(Whiteboard: [sg:nse]) 

User-Agent:       Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.6) Gecko/20040113
Build Identifier: Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.6) Gecko/20040113

When opening a new window the session is stil open, and on websites where a
login is nessesairy you'll keep logged in. In this case logging in as different
users in multiple windows is not possible. this can't be right! :-)

Reproducible: Always
Steps to Reproduce:
1. log in to a website
2. open a new window
3. you'll notice that the login-session is still open, even if you close the
windows, opening a new one, still contains the old session!!!!
Actual Results:  
Still being logged in, still have the same session!

Expected Results:  
every window should have it's own session wich should be terminated on closing
window or timeout. now we have a serious privacy/security issue.
Severity: normal → major
Alias: big-session-bug
Severity: major → critical
This smells like cookies, but my gut feeling is that this is actually bug in the
web application itself, not Mozilla.
Assignee: general → darin
Component: Browser-General → Networking: Cookies
QA Contact: general → core.networking.cookies
(In reply to comment #1)
> This smells like cookies, but my gut feeling is that this is actually bug in the
> web application itself, not Mozilla.

It has nothing to do with the web application, internet explorer has the normal
response and I've tested in various web applications.
This sounds more like bug 55181, inability to log out of http-auth. If you shut
the browser down completely do you log out?
Whiteboard: [sg:dupe?]
(In reply to comment #3)
> This sounds more like bug 55181, inability to log out of http-auth. If you shut
> the browser down completely do you log out?

even if i close all mozzila browsers, when i open a new browser, i'm still
logged in!

I'm not seeing this at all then. What sites are affected?
Whiteboard: [sg:dupe?] → [sg:needinfo]
i'm going to open this unless someone gives a very good reason for me to keep
this closed. this bug is at best about the fact that it's hard to flush auth.
most likely it's just a dupe of the fact that mozilla is a single instance and
treats all windows as related whereas people get this strange feeling that
windows in ie are able to maintain independent sessions.

I'm giving the reporter 1 week.
(In reply to comment #6)
> i'm going to open this unless someone gives a very good reason for me to keep
> this closed. this bug is at best about the fact that it's hard to flush auth.
> most likely it's just a dupe of the fact that mozilla is a single instance and
> treats all windows as related whereas people get this strange feeling that
> windows in ie are able to maintain independent sessions.
> I'm giving the reporter 1 week.

I'm the reporter of this bug, I used then an other mail address. please open! I 
think you're right. in i.e. difrent browsers are in fact diferent browsers, 
unles you open the browser with cntr-n or file-->new-->window, and then the 
session is copied as well.
I noticed the same problem in FireFox. I'm a developer and sometimes need to be 
signed in as different users at the same time, then unfortunatly I have to use 
i.e. and that's a bit painful don't you think? ;-)

I hope this can be solved!!

gr. JOhan
Group: security
Whiteboard: [sg:needinfo] → [sg:nse] DUPEME

*** This bug has been marked as a duplicate of 117222 ***
Status: UNCONFIRMED → RESOLVED
Closed: 20 years ago
Resolution: --- → DUPLICATE
Whiteboard: [sg:nse] DUPEME → [sg:nse]
Alias: big-session-bug
Status: RESOLVED → VERIFIED
You need to log in before you can comment on or make changes to this bug.