Closed Bug 304818 Opened 19 years ago Closed 19 years ago

Clicking on gmail link in history does not request login.

Categories

(Firefox :: Bookmarks & History, defect)

Product:
Firefox
Component:
Bookmarks & History
Platform:
x86
Windows XP
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

()

Status:
RESOLVED WORKSFORME

People

(Reporter: amybrookhouser, Unassigned)

References

Details

User-Agent:       Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.7.8) Gecko/20050511 Firefox/1.0.4
Build Identifier: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.7.8) Gecko/20050511 Firefox/1.0.4

When clicking on any gmail history item, Mozilla does not request a login no
matter how long since you last logged in. Anyone opening the browser can read
private email and access the account. Does not occur with (sorry, gak) IE.

Reproducible: Always

Steps to Reproduce:
1.Open Mozilla.
2.Go to view/sidebar/history
3.Click on any gmail history item and read all my naughty secrets!

Actual Results:  
Was able to read and access account without ID or password. This is NOT a
password I have allowed Mozilla to save. (Checked password manager to ensure
that I'm not being a dumbass)

Expected Results:  
After closing session, Mozilla should require a password to allow one into the
account.
Works for me (by which I mean I am redirected to the GMail login screen if I try
the steps to reproduce.) 

Build ID: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9a1)
Gecko/20050814 Firefox/1.0+

When you normally log into GMail, do you tick the "Remember me on this computer"
checkbox? I can only reproduce what you describe if I do that, in which case it
is behaving as intended.
*** Bug 304790 has been marked as a duplicate of this bug. ***
The behavior described occurs for me with Mozilla/5.0 (Windows; U; Windows NT
5.1; en-US; rv:1.9a1) Gecko/20050816 Firefox/1.0+.

It also occurs with IE6 on my machine. Note that gmail doesn't really use
distinct urls for each message (like hotmail seems to), so items in the history
all just take you back to your gmail inbox. Except, of course, for the login
page - it has a distinct url that gets its own item in the history.

My best guess is that this behavior is by gmail design. It works particularly
well with the gmail notifier utility (provided by gmail) because you can get
from the program to your inbox without having to reenter credentials. What I
think you want to do is make sure that you sign out of gmail before closing
firefox (or IE, for that matter). Once you sign out, no amount of history
trickery will get you back to your email without reentering credentials. Signing
out effectively blocks the gmail notifier from jumping straight to the inbox, as
well.

WORKSFORME?
Marking WFM.
Status: UNCONFIRMED → RESOLVED
Closed: 19 years ago
Resolution: --- → WORKSFORME
Component: History → Bookmarks & History
QA Contact: history → bookmarks
You need to log in before you can comment on or make changes to this bug.