Closed
Bug 247186
Opened 20 years ago
Closed 5 months ago
starting firefox with a other user on the same x-session only forks firefox, even if it is not from the same user
Categories
(Toolkit :: Startup and Profile System, defect)
Tracking
()
RESOLVED
WORKSFORME
People
(Reporter: bastiaf, Unassigned)
Details
Attachments
(1 file)
|
1.30 KB,
text/plain
|
Details |
User-Agent: Mozilla/5.0 (X11; U; FreeBSD i386; en-US; rv:1.7) Gecko/20040616 Firefox/0.9 Build Identifier: Mozilla/5.0 (X11; U; FreeBSD i386; en-US; rv:1.7) Gecko/20040616 Firefox/0.9 First user1 starts Firefox. After changing the user to user2 with su on the same X session and starting firefox with this user2, only the Firefox from user1 is forked. user2 don't get his own Firefox, instead he can use the configuration, bookmarks, passwords und form fills from user1. Reproducible: Always Steps to Reproduce: 1. start Firefox with user1 2. su - user2 on a terminal in the same X session 3. start Firefox with this second user2 Actual Results: user2 has access to the Firefox configuration, bookmarks, passwords etc. from user1 Expected Results: starting a new Firefox for user2
If you change LOGNAME for the the user you su'd into this problem should stop. But this is not something that should be able to happen no matter what the value of LOGNAME. For example it also works if you do the following: user2@system:~$ LOGNAME=user1 DISPLAY=:0 firefox
Behaviour for sessions is not the same in Firefox as it is in IE. Sessions should not be transferable across instances of browsers (not tabbed window). Proof of concept Reproducible: Always Steps to Reproduce: 1. Go to http://62.25.126.19/test/mozbug.asp 2. Follow instructions - session variable contents displayed on subsequent page 3. Start new instance of Firefox with URL in (1) 4. Form is pre-filled with session data from other instance of browser 5. This behaviour does NOT occur under IE6. This has application issues in that if we are editing data for one customer in one browser and another customer in another, this could result in inadvertent data errors. This means Firefox is not fit for purpose for us and unfortunately we have to use IE as well.
(In reply to comment #2) > Behaviour for sessions is not the same in Firefox as it is in IE. Sessions > should not be transferable across instances of browsers (not tabbed window). I do not think you are talking about the same bug here. I am not talking about a cache-securtiy bug. But a physical user, any user can startup an instance of firefox in name of the previous user. The problem you are talking about is not a real issue as you are talking about a single user-environment, and I am talking about a mulit-user environment. Monchi. --
|
||
Comment 4•19 years ago
|
||
The same is true on WinXP, and presumably every other OS. For my case, I ran the firefox installer with admin privileges by way of the runas command, and let the installer launch firefox at the end. Then, opening a shortcut on the user-privileged desktop created a new window instead of a new process. I assume the same would happen in a fast-user-switch environment, but I cannot confirm that. It appears that on program start, if a running instance is detected, a new window is created with the same credentials as that instance. This is fine in a single-user environment. In a multi-user environment, this is unacceptable. The simple fix would be to create a new process every time. A better fix is to compare the owner of each running instance with the owner of the new instance. If they are the same, then create a new window; if they are different, then create a new process. If having multiple processes is unacceptable, then the user credentials have to be tracked on a per-window basis. If an instance is already running, create a new window with user credentials matching the owner of the new process.
As a server-side programmer, I am tangling with the issue of people opening multiple browser windows (in the same process) and getting the same http-session information shared as a consequence. In IExplore you can still start the browser in a new process and hence get a fresh http-session and consequently separated server-side session upkeep (or re-use the process with ctrl-N and share the server-side session). In Mozilla 1.7 / FireFox 1.07 there is no facility to force a new process (and hence a distinctly separate server-side session). I know that this is technically a different issue to that of starting different processes in a multi-user environment, but while this issue is boing considered, I would like to lobby for some help for the poor server-side programmers who have to deal with this conundrum. I would love to see a feature that allows users to choose to start the browser windows according to their needs: same session, or distinct session. I suggested on a forum elsewhere that it would be ideal to have a setup option to have Tabs start in the same process (and hence share serverside session information), and Windows start in a new process (and hence NOT share serverside session information). At the UI level this would amount to a simple pair of radio buttons in the "Prefs" "Advanced" area. Alternatively or as well, it would be great to have a menu option like "New Window" but "New Session". Obviously this will baffle the punters to some degree. That is of course if Mozilla can sustain being run in separate processes at all. If this needs to be posted to a new Bug # please let me know by email or please copy-paste it to one for me ... I am not up on the etiquette of when to create a new bug or when to accumulate alike bugs together. Thanks for listening. Rob
Ok, I think that my comment more correctly relates to (and this Bug is a related problem to): https://bugzilla.mozilla.org/show_bug.cgi?id=115903 also I made a related comment at: https://bugzilla.mozilla.org/show_bug.cgi?id=219984 Cheers Rob
|
||
Comment 7•19 years ago
|
||
On Linux Mandrake 9 / Firefox 1.5 - rv 1.8: In some cases, when launching firefox under another user, no instance is created; Instead, another window is created, with the previous user's history, cookies, plugins,... It seems to depend on user rights: When login as root, and launching firefox, the previous instance is activated; When login as normal user, a new instance is created.
|
||
Updated•17 years ago
|
Assignee: bross2 → nobody
|
||
Updated•17 years ago
|
Component: General → Startup and Profile System
QA Contact: general → startup
|
Assignee | |
Updated•16 years ago
|
Product: Firefox → Toolkit
|
||
Comment 8•12 years ago
|
||
On Windows: When you launch Firefox, it searches for a window named "FirefoxMessageWindow". If it finds this window, it opens a new browser window instead of a new instance - even if you try to start Firefox with another profile or as another user. There is a relative simple solution to this problem: Just include the name of the profile as well as the username within the name of the MessageWindow. E.g., call it "FirefoxMessageWindow(Alex:MyProfile)" instead of "FirefoxMessageWindow". This works as expected using the current nightly - a new instance is started if you choose a different profile or run as another user. The corresponding function "className()" to be modified can be found within the "struct MessageWindow" in file ".\toolkit\xre\nsNativeAppSupportWin.cpp" However, I am not sure how Firefox checks if it is already running on Linux... Alex
|
||
Comment 9•1 year ago
|
||
In the process of migrating remaining bugs to the new severity system, the severity for this bug cannot be automatically determined. Please retriage this bug using the new severity system.
Severity: major → --
|
|
||
Comment 10•5 months ago
|
||
The severity field is not set for this bug.
:mossop, could you have a look please?
For more information, please visit BugBot documentation.
Flags: needinfo?(dtownsend)
|
||
Comment 11•5 months ago
|
||
Please reopen if this is still an issue
Status: UNCONFIRMED → RESOLVED
Closed: 5 months ago
Flags: needinfo?(dtownsend)
Resolution: --- → WORKSFORME
You need to log in
before you can comment on or make changes to this bug.
Description
•