Closed Bug 272743 Opened 20 years ago Closed 20 years ago

New browser instances share the same PHPSESSID data from cookie

Categories

(Firefox :: General, defect)

x86
Windows XP
defect
Not set
normal


RESOLVED DUPLICATE of bug 117222

People

(Reporter: dpo, Assigned: bugzilla)

Details

User-Agent:       Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.7.5) Gecko/20041107 Firefox/1.0
Build Identifier: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.7.5) Gecko/20041107 Firefox/1.0

Opening new instances of Firefox uses the same cookie information as the initial
instance. This cookie is a session cookie and should be new.
This may be a security BUG.

Reproducible: Always
Steps to Reproduce:
1. Create a PHP file with this code:
<?php session_start(); echo session_id(); ?>

2. Start the first instance of Firefox.
3. Start a second instance of Firefox.

Actual Results:  
same session id 

Expected Results:  
new session id

Reporter, when you open a new Firefox process (while the first one is still
running), it's actually a new window in the first one. There are no 2 separate
instances. That's why the session cookies seem to be shared.

Also note that IE doesn't share session cookies between different windows, when
launched by clicking the E-icon (but it still does it when you open a new
window). See bug 117222.

*** This bug has been marked as a duplicate of 117222 ***
Status: UNCONFIRMED → RESOLVED
Closed: 20 years ago
Resolution: --- → DUPLICATE
Status: RESOLVED → VERIFIED

Moziller, I understand that you all want to make Firefox fast, but maybe you
should make clear that clicking the Firefox icon doesn't open a new instance
like Explorer does.
Many people don't know about that and it causes confusion.
You should also give the community the choice to open different instances of Firefox.

It also opens security considerations.

If you are working with one application and want to open two browsers as two
different users (let's say admin and simple user), currently you are not able to
do that and this can be badly exploited.

Example:
1. You log in as user and leave the browser open but hidden; later your boss comes
and wants to show you something.
2. You open a new Firefox browser.
3. He logs in to the system, does something and closes the browser.
4. Now you can impersonate your boss because you have the cookie.
5. Big problem.
Status: VERIFIED → UNCONFIRMED
Resolution: DUPLICATE → ---

*** This bug has been marked as a duplicate of 117222 ***
Status: UNCONFIRMED → RESOLVED
Closed: 20 years ago
Resolution: --- → DUPLICATE
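
The behaviour discussed in this bug, as an added model that is not part of the original report and is not Firefox or PHP code: one browser process holds one session-cookie jar shared by all its windows, so closing a window does not end the session, while a server-side logout does. `Server`, `BrowserProcess` and `scenario` are hypothetical names, and the server's session handling (including rotating the id at login) is an assumption.

```python
import secrets

class Server:
    """Hypothetical app keeping sessions server-side, like PHP's session store."""
    def __init__(self):
        self.sessions = {}                       # session id -> logged-in user

    def handle(self, cookie, action=None, user=None):
        """Process one request; return (cookie_to_store, user_seen_by_server)."""
        sid = cookie if cookie in self.sessions else None
        if sid is None:                          # like session_start(): issue a fresh id
            sid = secrets.token_hex(16)
            self.sessions[sid] = None
        if action == "login":
            del self.sessions[sid]               # assumption: id is rotated at login
            sid = secrets.token_hex(16)
            self.sessions[sid] = user
        elif action == "logout":
            del self.sessions[sid]               # invalidate the session server-side
            return None, None
        return sid, self.sessions[sid]

class BrowserProcess:
    """One running browser process: a single in-memory jar for session cookies."""
    def __init__(self, server):
        self.server, self.jar, self.windows = server, None, 0

    def open_window(self):
        self.windows += 1                        # a "new instance" is just another window

    def close_window(self):
        self.windows -= 1
        if self.windows == 0:                    # session cookies end with the process
            self.jar = None

    def request(self, action=None, user=None):
        self.jar, seen = self.server.handle(self.jar, action, user)
        return seen

def scenario(boss_logs_out):
    """Replay the steps from the comment; return who the first window acts as."""
    ff = BrowserProcess(Server())
    ff.open_window()                             # step 1: first window, left open
    ff.request("login", "user")
    ff.open_window()                             # step 2: "new" browser, same process
    ff.request("login", "boss")                  # step 3: the second user logs in ...
    if boss_logs_out:
        ff.request("logout")
    ff.close_window()                            # ... and closes only that window
    return ff.request()                          # step 4: request from the first window
```

Closing the window alone leaves the first window authenticated as the last user who logged in; an explicit logout that destroys the session on the server is what ends it.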