Closed
Bug 304818
Opened 19 years ago
Closed 19 years ago
Clicking on gmail link in history does not request login.
Categories
(Firefox :: Bookmarks & History, defect)
Tracking
()
RESOLVED
WORKSFORME
People
(Reporter: amybrookhouser, Unassigned)
References
Details
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.7.8) Gecko/20050511 Firefox/1.0.4 Build Identifier: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.7.8) Gecko/20050511 Firefox/1.0.4 When clicking on any gmail history item, Mozilla does not request a login no matter how long since you last logged in. Anyone opening the browser can read private email and access the account. Does not occur with (sorry, gak) IE. Reproducible: Always Steps to Reproduce: 1.Open Mozilla. 2.Go to view/sidebar/history 3.Click on any gmail history item and read all my naughty secrets! Actual Results: Was able to read and access account without ID or password. This is NOT a password I have allowed Mozilla to save. (Checked password manager to ensure that I'm not being a dumbass) Expected Results: After closing session, Mozilla should require a password to allow one into the account.
Comment 1•19 years ago
|
||
Works for me (by which I mean I am redirected to the GMail login screen if I try the steps to reproduce.) Build ID: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9a1) Gecko/20050814 Firefox/1.0+ When you normally log into GMail, do you tick the "Remember me on this computer" checkbox? I can only reproduce what you describe if I do that, in which case it is behaving as intended.
*** Bug 304790 has been marked as a duplicate of this bug. ***
The behavior described occurs for me with Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9a1) Gecko/20050816 Firefox/1.0+. It also occurs with IE6 on my machine. Note that gmail doesn't really use distinct urls for each message (like hotmail seems to), so items in the history all just take you back to your gmail inbox. Except, of course, for the login page - it has a distinct url that gets its own item in the history. My best guess is that this behavior is by gmail design. It works particularly well with the gmail notifier utility (provided by gmail) because you can get from the program to your inbox without having to reenter credentials. What I think you want to do is make sure that you sign out of gmail before closing firefox (or IE, for that matter). Once you sign out, no amount of history trickery will get you back to your email without reentering credentials. Signing out effectively blocks the gmail notifier from jumping straight to the inbox, as well. WORKSFORME?
Marking WFM.
Status: UNCONFIRMED → RESOLVED
Closed: 19 years ago
Resolution: --- → WORKSFORME
Component: History → Bookmarks & History
QA Contact: history → bookmarks
You need to log in
before you can comment on or make changes to this bug.
Description
•