Closed
Bug 272743
Opened 20 years ago
Closed 20 years ago
New browser instances shares the same PHPSESSID data from cookie
Categories
(Firefox :: General, defect)
Tracking
()
RESOLVED
DUPLICATE
of bug 117222
People
(Reporter: dpo, Assigned: bugzilla)
Details
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.7.5) Gecko/20041107 Firefox/1.0 Build Identifier: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.7.5) Gecko/20041107 Firefox/1.0 Opening new instances of firefox uses the same cookie information of the initial instance. This cookie is a session cookie and should be new. This may be a security BUG. Reproducible: Always Steps to Reproduce: 1. create a php file with this code <?php session_start(); echo session_id(); ?> 2. start first instance of firefox 3. start second instance of firefox Actual Results: same session id Expected Results: new session id
Comment 1•20 years ago
|
||
Reporter, when you open a new Firefox process (while the first one is still running), it's actually a new window in the first one. There no 2 separate instances. That's why the session cookies seem to be shared. Also note that IE doesn't share session cookies between different windows, when launched by clicking the E-icon (but it still does it when you open a new window). See bug 117222. *** This bug has been marked as a duplicate of 117222 ***
Status: UNCONFIRMED → RESOLVED
Closed: 20 years ago
Resolution: --- → DUPLICATE
Updated•20 years ago
|
Status: RESOLVED → VERIFIED
Moziller, i understand that you all want to make Firefox fast, but maybe you should make clear that clicking the Firefoy icon doesn't open a new instance like explorer do. Many people doesn't know about that and it causes confussion. You should give the community also the choice to open diferent instances of Firefox. It also opens security considerations. If you are working with one application and want to open two browsers as two different users (let say admin and simple user), currently you are not able to do that and this can be badly exploit. Example: 1. you log as user and leave the browser open but hidden, later comes your boss and wants to show you something 2. you open a new firefox browser. 3. he logs in the system, do something and close the browser. 4. Now you can impersonate your boss because you have the cookie. 5. big problem.
Status: VERIFIED → UNCONFIRMED
Resolution: DUPLICATE → ---
Comment 3•20 years ago
|
||
*** This bug has been marked as a duplicate of 117222 ***
Status: UNCONFIRMED → RESOLVED
Closed: 20 years ago → 20 years ago
Resolution: --- → DUPLICATE
You need to log in
before you can comment on or make changes to this bug.
Description
•