Closed Bug 268517 Opened 20 years ago Closed 20 years ago

When I hit back button after logging off, I can still get to my inbox.

Categories

(Core :: Security, defect)

Product:
Core
Component:
Security
Version:
1.0 Branch
Platform:
x86
Windows 2000
Type:
defect
Priority:
Not set
Severity:
critical

Tracking

()

Status:
RESOLVED WORKSFORME

People

(Reporter: ashesh.cb, Assigned: dveditz)

References

(
URL
)

Details

User-Agent:       Mozilla/5.0 (Windows; U; Windows NT 5.0; rv:1.7.3) Gecko/20040913 Firefox/0.10.1
Build Identifier: Mozilla/5.0 (Windows; U; Windows NT 5.0; rv:1.7.3) Gecko/20040913 Firefox/0.10.1

I have an email account with www.rediff.com When I give my user name and
password, I am directed to mail.rediff.com asking me to enter username and
password again. I clicked the back button with took me to the default page. 
Instead of entering the username and password again, I cimply click forward
arrow and a message "The page you are trying to view contains POSTDATA that has
expired from cache. If you resend the data, any action the form carried out such
as a search or online purchas) will be repeated. To resend the data, click OK. 
Otherwise, click Cancel". And I am into my mail box. 

Even after I logoff and use the same window to browse some other websites and
after going through many pages, if I click the browser back arrow toreach
www.rediff.com, I am lead to my mail box. 

This can be dangerous if someone browses are a browsing center.

Reproducible: Always
Steps to Reproduce:
1.Clear internet cache and history
2.After opening www.rediff.com, enter user name and password. You will be lead
to mail.rediff.com and asked to enter username/password.
3.Donot enter the name/passwd, but click the back arrow in browser. 
4.Now click the Forward arrow in the browser. A popup comes up saying abt
"POSTDATA" as I have mentioned above.
4.Click "OK". And we are lead to the inbox.
5.Now logoff from rediffmail.
6.Browse some other websites.
7.After many pages, click the back arrow to read rediffmail. 


Actual Results:  
We will be able to access the inbox of the account which we had logged off.

Expected Results:  
In IE6.0, it gives cannot login as session has ended.
This is not an accessibility bug. Please read the component descriptions (under
the "Component" link) before filing a bug. Accessibility is for usability by
persons with disabilities. See http://www.mozilla.org/access for more info.
Assignee: aaronleventhal → dveditz
Component: Accessibility → Security: General
Product: Firefox → Browser
QA Contact: bugzilla
Version: unspecified → 1.0 Branch
The problem with POSTDATA seems to be solved with Firefox 1.0. I just downloaded
the new 1.0 version and when I click back arrow, and tried to check for my mail,
I got the same error that IE shows. 
WFM, according to reporter's comments.
Status: UNCONFIRMED → RESOLVED
Closed: 20 years ago
Resolution: --- → WORKSFORME
You need to log in before you can comment on or make changes to this bug.